Regulatory Developments

Last updated: 
3 months 2 weeks ago
Blog Manager
Log in to request membershipHide blog description
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Recent members:

Revised DPIA cribsheet

DPIA collection cribsheet v2.0.docx

Shortly after we did out first Data Protection Impact Assessments, on the Janet Security Operations Centre and the Jisc Learning Analytics Service, the ICO published its DPIA guidance. This contained a few minor additions, which have been added to this new version of our information gathering cribsheet:

  • In section (a) the nature of processing should mention any new technologies or novel processing and retention periods for data. There's also specific information about the context: how many data subjects there are, where they are located, what our relationship is with them and what expectations they are likely to have of us and our processing.
  • In section (c) the harms considered should include discrimination, fraud, financial loss, reputational damage, physical harm, loss of confidentiality, reidentification, other significant economic or social disadvantage
  • In section (d) measures and safeguards include training, documentation, pseudonymisation, and reduced retention.

We'll be using this revised cribsheet for future DPIAs, including when we revisit the existing ones.

  • Twitter logo
  • LinkedIn logo
  • Google+ logo
  • Reddit logo
  • StumbleUpon logo
Data Protection Regulation
Data Protection Impact Assessment