Apologies if you receive this e-mail more than once.
Please note changes to JiscMail service policies in order to comply with the new General Data Protection Regulations (GDPR).
These are available at:
The main changes in these service policies are 2 new sections: Section 5: Mailing List Privacy Notice and Section: 12: Data Protection Schedule, as well as re-numbering sections as appropriate, and there are some updates to: Section 4: Role of List Owners, Section 7: Mailing List Archives, Section 9: Limitations, Section 10: Data Protection.
If you have any questions about these changes please contact [log in to unmask]
Joint List Owner
=== New section: https://www.jiscmail.ac.uk/policyandsecurity/index.html#5 Section 5: Mailing List Privacy Notice ===
Provides the default privacy notice for mailing lists, it explains how information (provided by subscribers, when joining a mailing list or using a mailing list) is used, is stored and (in some cases) shared, and how it can be removed. As mentioned in the previous update, it is important that list owners make subscribers aware of the privacy notice.
=== New section: https://www.jiscmail.ac.uk/policyandsecurity/index.html#12 Section 12: Data Protection Schedule ===
This schedule describes the agreement between Jisc/JiscMail (the Data Processor), and the List Owner (Data Controller). As such GDPR requires that there be a written agreement between the Controller (LIST OWNER) and Processor (JiscMail) that sets out the Processor obligations with regard to this Processing. Jisc's legal team are taking a consistent approach with Jisc services and are putting in place a standard Data Protection Schedule (you may have already seen a version of this for other Jisc services you/your organisation may use).
=== Update:Section 10: Data Protection https://www.jiscmail.ac.uk/policyandsecurity/index.html#10 ===
The Data protection section has been updated to reference new legislation, and the following statement:
"The Data Protection Schedule sets out JiscMail's obligations to each list owner (the data Controller) with regard to any Personal Data it processes on behalf of the list owner. In the event of any conflict between the Data Protection Schedule and any other provision of these service policies, the relevant provision of the Data Protection Policy shall take precedence."