Legal Services


General Data Protection Regulation (GDPR)

The new GDPR comes into effect in May 2018. It will replace the current Directive and apply to all EU member states without the need for national legislation. The implementation will require comprehensive changes to the way in which organisations, like UCL, collect, use and transfer personal data. 


Orgainsations will need to adopt policies and procedures to ensure that they will comply with the new regulation. This website will provide information about the data protection reforms and what might happen next.

Please revisit this page as further information is posted.

The impact of Brexit

The result of the EU referendum and the UK’s decision to leave the EU will have an impact on the GDPR in the UK. Whilst the final position is not yet clear the consensus of opinion is that the GDPR’s provisions will ultimately apply to the UK in one form or another. For example, if the UK remains a member of the Single Market/EEA the GDPR will continue to apply. If the UK leaves the Single Market it would appear likely that the UK Government will adopt GDPR provisions into national law in order to facilitate simple transfers of personal data between EU member states and the UK. The timing of the GDPR coming into effect also makes it possible that the new regulation will apply to the UK prior to any change of UK status.

Further information

The Information Commissioner’s Office (ICO) has published a number of useful guides to help orgainisations understand the new framework which may or may not be implemented in the UK as a result of a post-Brexit UK/EU relationship. If it is decided that the UK is to remain part of the EEA then the GDPR would still apply and still have an impact on UK-based companies.