Data management strategy

We aim to enable data planning and governance to effectively manage university data as an asset, ensuring that data is collected, created and processed in a compliant manner that is also in the best interests of the wider University.

Overview

  1. The University acquires, creates and retains data in a variety of digital and non-digital formats. It also holds personal data and special category (sensitive) data about data subjects, including patients, so must comply with the provisions of current data protection legislation.
  2. It recognises that there needs to be a balance between its:
    1. Public accountability and transparency in its governance
    2. Compliance with regulatory obligations including data protection legislation
    3. Need to protect both the personal and commercially sensitive confidential information it holds.
  3. The University has implemented a data management strategy to ensure that data is collected, created and processed in a compliant manner in the best interests of the wider University, supports its organisational strategy and informs the design and development of its technical architecture and business processes.

Strategic aims

This strategy is underpinned by the following eight guiding principles:

Data, in all forms, is recognised as a university asset

Data is managed as a corporately owned asset with clear governance processes to control its processing and retention.

Data is held in compliance with the University’s regulatory obligations including data protection legislation

Data is kept secure and personal data must only be processed under appropriate, usually limited, conditions in compliance with data protection legislation. Data subjects are able to exercise rights in respect of their own personal data.

Confidence in the reliability and quality of the data is maintained throughout its lifecycle

The University holds timely, accurate and reliable data in order to manage activities and meet internal and external requirements to enable it to demonstrate accountability through accurate reporting.

Data will be governed appropriately throughout its lifecycle in relation to its purpose

Data is assigned to a designated information asset owner (IAO). It must be kept secure and personal data must only be processed under appropriate, usually limited, conditions in compliance with data protection legislation.

All data should be identifiable

Data is identified, findable and managed in a structured manner and labelled and recorded in a consistent and logical fashion.

All data processing changes are subject to control

Implementing and codifying the measures to be taken when making changes to the processing of data is vital to ensuring that the significant remedial work required to establish the right conditions for success does not have to be repeated in the future. Change control is a vital component of effective data management.

All data will be ultimately governed by the Executive Board with guidance from the designated overseeing committee

Governance structures for data are now in place with an appropriate designated overseeing committee.

The level of rigour is proportionate to the risk

The University’s Information Assurance Strategy will inform data requirements. This Data Management Strategy will ensure that the data collection, processing and sharing meets the needs of the University and effectively supports its mission.

Objectives

Data Management Strategy

(390.7 KB .PDF)
DOWNLOAD