UCC has a Data Protection (DP) Policy plus a suite of complementary policies and procedures. New GDPR requirements will be integrated into the DP Policy and associated procedures. For example: updated roles and responsibilities, new DPIA requirements, data processor requirements, changes to definitions, new timelines. UCC also has Data Breach procedures in place and the Information Compliance Officer already maintains a Central Register of Data Breaches. New regulations such as the mandatory reporting of data breaches to the DP Commissioner require the review and update of these procedures. The Breach Register, associated procedures and reporting mechanisms will be revised. There will be new templates for data breach notifications created.
Other related policies and procedures will be reviewed and updated where appropriate. For example: Externally Hosted Personal Data Policy, Records Management Policy. Each functional area will be required to review their own policies to ensure they align with the University policies.