What is The UWI Data Protection Policy?
A policy document approved by the University Finance & General Purposes Committee (U-F&GPC) on February 14, 2020 that governs personal data provided to and/or maintained by The UWI pertaining to previously registered, registered or prospective students, UWI personnel, staff and third parties. It applies to data held in both manual and electronic formats.
Why do we need a Data Protection Policy at The UWI?
The UWI, like other leading institutions, must properly protect the Data it collects from all sources and especially the Personal Data of its staff, students and alumni. The UWI Data Protection Policy (DPP) outlines the ways in which the University manages Personal data at various stages, including the rights of the person to whom the data relates, to access this data.
What is The UWI Data Protection Policy intended to do?
The objectives of this policy are to:
- establish an operating framework for persons handling personal data at The UWI;
- educate persons handling personal data at The UWI of the requirements of the relevant data protection legislation and policies within The UWI’s campus countries and those of The UWI’s global partners;
- raise awareness of the rights of data subjects regarding respective data protection legislation;
- outline how The UWI will comply with the relevant data protection legislation;
- provide best practices for staff and students;
- raise awareness of the consequences of a breach of The UWI’s responsibilities under the various data protection legislation; and
- facilitate and promote The UWI’s compliance with relevant data protection legislation.
Why is the Policy important?
The implementation of this policy aligns with several of the University’s core values: integrity and excellence as well as its civic responsibility exerting due care in the handling of personal data. The policy was implemented to: -
- establish an operating framework for persons handling personal data at The UWI;
- raise the awareness of persons handling personal data at The UWI of the requirements of the relevant Data Protection legislation and policies within The UWI’s campus countries and those of The UWI’s global partners;
- facilitate and promote The UWI’s compliance with relevant Data Protection legislation
What does personal data entail?
- student registration information;
- examination results;
- health records;
- employment records;
- financial information; and
- data related to alumni, friends and partners of The UWI.
Who has to comply with the Data Protection Policy?
The policy applies to all authorised staff who handle the personal data of staff, students, suppliers, and alumni on behalf of The UWI. The roles and responsibilities of key personnel are clearly outlined in the policy.
What happens if there is a breach of the Data Protection Policy at The UWI?
The UWI has instituted a three-step approach to managing data breach, which involves:
- Collection of incident details
- Notification of data breach and risk assessment
- Evaluation and response
Does The UWI have a Data Protection Officer?
Yes. On August 1, 2021, Dr Patrick Anglin was appointed University Data Protection Officer (UDPO). The UDPO will serve as the advisor to University's leadership teams, committees, and governing bodies on all strategic and operational matters relating to Data Protection and related compliance issues. The primary point of contact for data subjects (the persons to whom personal data relate) and supervisory authorities (the government entities responsible for compliance with data protection and privacy legislation), the UDPO will also be responsible for monitoring adherence to The UWI Data Protection Policy and, by extension, all applicable data protection/privacy laws. Importantly, UDPO will oversee the governance of Personal Data provided to and maintained by The UWI pertaining to previously registered, registered or prospective students, UWI personnel, staff and third parties.
Does The UWI have a privacy statement?
Yes. The UWI has privacy statements, through which it endeavours to:
- comply with both the Data Protection legislation and policies in the countries in which The UWI operates, and global Data Protection best practices;
- protect the privacy rights of all students, staff, alumni;
- ensure that the Personal Data in The UWI’s possession are kept safe and secure;
- support staff of The UWI in meeting their legal responsibilities;
- mandate that third parties processing data on behalf of the University observe our Policy;
- respect the Data Protection rights of individuals; and
- provide awareness training and support for staff who process Personal Data.
The UWI currently has:
General Privacy Statement
Student Privacy Statement
Staff Privacy Statement
Alumni Privacy Statement