On 25 May 2018, the most significant piece of European data protection legislation to be introduced in 20 years came into force. The EU General Data Protection Regulation (GDPR) replaced the 1995 EU Data Protection Directive. The GDPR strengthens the rights that individuals have regarding personal data relating to them and means there is one set of data protection rules for all organisations operating in the EU, wherever they are based.
We are committed to GDPR compliance and remain committed to providing robust privacy and security protections across our systems.
To ensure our systems comply with the new EU data protection rules, we reviewed all our systems and made some changes.
1. All users must register for themselves, if they are not already registered
Anyone who is to be added to a proposal as a co-investigator must be registered in the ISIS online system before they can be added (previously it has been possible for a proposal author to add other people without them being registered). This doesn’t affect anyone who is already registered – just people who are not already in the system.
Please ask any colleagues who are new to the facility to register so that you can add them to proposals – the registration site is here: https://users.facilities.rl.ac.uk/auth/CreateAccount.aspx
2. Keep you better informed who we share data with
Across all our systems, we have made it clearer why we ask you for personal information.
We have updated our terms and conditions and privacy notice to better explain what we do with the personal data we collect.
We also added a privacy tab so you can update your details and have greater control over how we use your personal data.
When you look for people to add to a proposal, we have changed our search function to search by email address. You can copy and paste the email address in, and we also now suggest some people you have worked with before so you can add them without needing to search for them. Previously you could search by surname but then if there were multiple matches we had to share extra information to help you decide who to add and this is no longer possible.
3. Reviewed what is necessary we ask
We have stopped collecting information we no longer need.
Where we still need some of the personal information but not as much as before we have changed what we ask. For example, if anything happens to you while you are visiting us we need to have someone we can contact immediately. Previously we asked you for details of your next of kin but now we just ask you for an emergency contact phone number. This could be a contact number at your organisation who will then be able to contact others (colleagues, family, etc.) as appropriate.