HESA’s data analytics team are now part of Jisc.
As part of the integration, Jisc and HESA have agreed formal roles to govern the uses of HESA data. Jisc will now deliver HESA’s data analytics services.
Both organisations have set up data panels to oversee new and existing data releases and products. The data panels ensure that HESA data, which includes information relating to individuals is protected and only used in ways that they have been told about in the HESA collection notices on HESA's website.
There are different arrangements for the products and services previously provided by HESA. The organisation that makes decisions about how to use personal data is the ‘Controller’ in data protection legislation. The organisation that processes data on the Controller’s instructions is called a ‘Processor’.
The below sets out the data protection position for each of the products and services provided by Jisc, using HESA data.
Jisc’s data and analytics products and services
For tailored datasets and Heidi Plus, HESA is the Controller and Jisc is a Processor working on HESA’s behalf. This means HESA takes all decisions about whether and how data can be processed for these uses.
For data consultancy, degree programme accreditation report and discover graduate outcomes products, Jisc will be the Controller of the HESA data within these products. This means that the decisions regarding the use of the data within these products will sit with Jisc.
When you buy a data product your contract will identify who is the data controller, and any data protection obligations that you have to comply with.
If you are a data subject (ie your data might be included in a product) and you have questions about how we use your data, you should contact the Controller. HESA and/or Jisc can be contacted using the links below: