Who enforces the rules regarding the processing of data?
Each member state of the EU has a supervisory authority. In the UK, the supervisory authority is the Information Commissioner’s Office (ICO).
Individuals may also challenge the use of their data themselves.
If there is a breach of the rules, the ICO can fine an organisation up to 4% of its turnover or require changes in its policies and procedures.
Data Protection Officers (DPO) have been appointed to give advice in the collegiate University and to advise on internal compliance with GDPR and the Data Protection Act 2018.
The DPO for the central University is Felicity Burchett, and she heads a team of data privacy specialists, the Information Compliance Team.
The team is supported by a network of ‘hub contacts’ who University staff and students can go to for help and advice. You can find out who is your GDPR hub contact here.
Colleges and subsidiaries also have a DPO.