Data Protection Policy Steering Committee

The purpose of the Steering Committee is to ensure that the implementation of the Data Protection Policy is effectively managed.  The Steering Committee, as a decision-making body provides, reviews and monitors strategic direction, policy guidance and recommendations to ensure effective implementation of the policy.

Some of the active areas of work for this committee currently include the formulation and adoption of relevant Privacy Statements, Data Management Procedures, Data Protection Awareness Training and Support, and Compliance Audits. This is effected through Working Groups comprising expert members across the university system, spanning the thematic spheres of Legal, Human Resources, Archives and Record Management, Technology, Marketing and Communications and Registry Operations.

Working Groups

Legal

To investigate, discuss, analyse, advise on, and provide solutions for issues with legal and/or policy implications. Some of the activities include:

  • Data Protection Obligations
  • Rights of Data Subject
  • Processing Agreements
  • Data Processing Impact Assessment (DPIA)
  • Consent
  • Processing Children’s Data
  • Subject Access Requests
  • Policies and Procedures

Information Communication Technology

To investigate, review and provide solutions for the technical (infrastructure, hardware, software, or services) issues encountered, and the human resources required for successful post-project operations.  Some of the activities include:

  • To review infrastructure and software for data protection compliance
  • Privacy by Design
  • Information Security
  • Basis for processing data

Marketing and Communications

To lead the dissemination, through the various communication channels used by The UWI, of data protection information (practices, policies, etc.). Some of the issues to be addressed:

  • Subject Access Requests (SARs)
  • Data Breach Response Plan
  • Processing Agreements

Campus Records

To ensure that records, both traditional and electronic, are included and properly administered according to the strictures of the Data Protection Policy. Some of the activities include:

  • Data Retention and Accountability
  • Data Retention times

Human Resources

To review staff operations and address the issues related to data protection as well as to determine and provide recommendations to address talent management and issues concerning the rights and responsibilities of staff (full-time or otherwise) in relation to the new privacy paradigm the University has adopted. Some of the issues to be addressed include:

  • Data Protection Obligations
  • Policies and Procedures
  • Training
  • Basis for Processing Data
  • Rights
  • Data Retention and Accountability
  • Consent

Registry Operations

To review staff operations in student processes - Admissions, Registration, and Examinations sections.  Some of the issues to be addressed include:

  • Data Protection Obligations
  • Policies and Procedures
  • Basis for Processing Data
  • Rights
  • Data Retention and Accountability