b) Second legislative area, or understanding and engaging with policies and standards

Supporting Statements

The UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018 are a key pieces of legislation both in my own management of personally identifiable data in the workplace and when providing advice to academic staff and students. I have also had to build an enhanced understanding of data protection due to the disciplines I support. In my role, I use the approved storage tool according to the task at hand (University of Brighton, 2020, p. 17). For instance, Microsoft Teams is a viable choice for collaboration but not for storage of research information. As compared to SharePoint the supported staff intranet for internal data. As compared to individual-level storage and temporary working files for which Microsoft OneDrive is appropriate. I use staff and student support meetings and sessions as opportunities to extoll the virtues of these tools. The proliferation of affordable cloud-based storage solutions for personal storage purposes, such as Dropbox, Box, and iCloud Drive, means that this is an ongoing challenge. Sometimes staff and students can be a little bit resistant as they may have established personal workflows and it is not a riveting topic. Furthermore, citing the law specifically can be counterproductive as it is chiding rather than enabling.

My successful strategy for promoting data protection has been to provide practical steps for integrating the approved storage tools into existing workflows. For example, I encourage staff to ask me about file management workflows and I specify that I will only accept work files via OneDrive not email1. In social work, there was a need to build in file management digital capabilities for students due to handling confidential documents and securely sharing those documents with external work placement staff. I therefore added OneDrive skills and file management training as a precursor to students’ use of e-portfolios2. The external work placement staff were also shown the workflow for students at an in-person workshop. I made an adjustment to the social work e-portfolios template (2018/19) in response to UK GDPR, changing the document upload blocks to embedded PDF blocks3. This meant that that academic staff and external work placement staff who were reviewing student work could view work in the web browser rather than downloading documents. An added benefit was that it was easier for students to see that they had completed each document block. A downside was that outdated web browsers did not support this format, so alternatives had to be put in place where browsers could not be updated due to older hardware.

I presented to health and social work students in 2019 on the importance of digital identity and professionalism. I used a gamified approach, entitled: Phish or Legit?4 The game supported the concept that data breaches are often caused by human error and deliberate attempts to steal information such as phishing. The game was delivered in a classroom using Nearpod to enable students to participate on their personal devices. It was based on emails sourced from colleagues at the IT Service Desk and encouraged students to interrogate the authenticity of emails as a group using interactive polls. Students did well although they were unsure of certain aspects which I fedback on.

UK GDPR is also relevant to third-party tools used for teaching and audience interaction. This came up in relation to Watch Party and live lecture formats where I highlighted the importance of selecting tools that do not require students to sign-up for accounts5. Third-party tools will be used so I mitigate risk by advising on these tools and supporting critical appraisal of pros and cons.


Data Protection Act 2018, c. 12. Available at: https://www.legislation.gov.uk/ukpga/2018/12/contents/enacted (Accessed: 31 May 2021).

'REGULATION (EU) 2016/679 (General Data Protection Regulation)' (2016) EUR-Lex. Available at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679 (Accessed: 31 May 2021).

University of Brighton (2020) UoB IT Regulations. Unpublished.


  1. Evidence: Anonymised practice development example (used with the permission) (2021). An email exchange with an academic staff person and colleague from the Learning & Teaching Hub. Working through a solution for a file exchange problem. Represents modifications to a formative workflow for better student experience and GDPR compliance. ↩︎

  2. Evidence: Social Work training materials demonstrating file management (2019/20) - PowerPoint | PDF quick view. I created these slides for the technical instructors to use with students. ↩︎

  3. Evidence: As demonstrated on p. 11 of Core Area 2(b) evidence 3↩︎

  4. Evidence: Excerpts from Nearpod presentation for Social Work students (2019) - Link to Nearpod preview ↩︎

  5. Evidence: Mural board prividing a quick comparison of Watch Party and group meeting tools (2021). Includes ‘deal breakers’ in relation to privacy and student use. ↩︎