IT Services | IT safety, security and data protection | IT Safety and Security - Staff Obligations

Document Actions

IT Safety and Security - Staff Obligations

All Birkbeck staff need to understand their obligations with respect to processing personal data.

ICO guidance states the GDPR defines personal data, "any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier."

Article 4 of the GDPR states processing is, "means any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction." 

This means if you ask someone for personal information, and simply record it somewhere -even if you don't act on it you are still considered to be processing personal data, and hence required to comply with the law.

What should you do?

  • Read the information on this website.
  • Watch the following video which we have produced to help summarise this information and guide you through it.
  • If you are not sure ASK before you DO. Email its@bbk.ac.uk for advice.