Where and how will data be stored?
All personal data will be handled and stored in accordance with the current relevant legislation – the Data Protection Act 1998 and the General Data Protection Regulation (GDPR) – and the University of Portsmouth Data Protection Policy as follows:
- Files containing personal data will be stored in a secure University archive;
- Copies of personal data will be encrypted immediately after collection, employing an AES 256-bit key algorithm, and stored on:
- A password-protected laptop;
- A password-protected USB drive (Aegis Secure Key 3.0);
where both passwords will be different, of 16 characters in length, and updated every three months.
No personal data will be transferred outside the EEA (and the server on which the online forum is stored is also based in the EEA).
Destruction, Retention and Reuse of Data
All research data will be handled in accordance with the University of Portsmouth Retention Policy, and managed in accordance with the Freedom of Information Act 2000, where:
- Personal data will be destroyed securely immediately after the limit period for the withdrawal from research had passed;
- Research data will be retained for ten years;
- Consent forms will be destroyed ten years after the completion of the project.
Your Rights (under the new General Data Protection Regulation)
- Right to be informed about the collection and processing of yor personal data.
- Right of access to your personal data which is stored for the purposes of this research project. wh
- Right of rectification of your personal data, if this is incorrect.
- Right to be forgotten, in the sense that you have the right to request for your personal data to be erased by contact the researcher.
- Right to restrict processing of your personal data.
- Right to data portability, which means that you can obtain the personal data in a format in which you can store, move, transfer and copy it.
You can find more detailed information about your rights on the Information Commissioner’s Office website here.