General Data Protection Regulation (GDPR) was introduced in 2018, requiring consent to the storage and processing of personal data on NIHR systems.
In the context of the Apps Portal (https://portal.nihr.ac.uk), the user will be prompted to provide consent to the transference of personal data between the identity provider and the end application, with the purpose of validating credentials and ensuring the users have access to the correct and appropriate application.
As things stand, the NIHR Hub acts as a separate entity, therefore consent is provided as part of the AUP acceptance. The steps to providing consent, or otherwise, are listed below alongside a diagram illustrating this.
Step 1: To proceed you have to tick certain fields and you 'tick' to confirm your consent to certain data being used The 'data list' will be different for each system. The linked Privacy Notice tells you more about how your data used within the system. If there are optional fields and you do not select them then that data will not be transferred from the login provider (IDG) to the actual system you are trying to use.
Step 2: To proceed you tick a box to confirm that you will adhere to the system Terms and Conditions and are content with the Privacy Policy.
Step 3: If you choose the “Cancel” option then the login process is stopped and the user is redirected away from the next screen. The user is able to complete the process again at a later point if required. Anyone wishing for the initial data provided to be deleted should contact the Service Desk.
Step 4: If you use multiple systems you may end up going through multiple consent screens. Once you have Accepted each system’s consent you will not be prompted again.