The EU - U.S. Privacy Shield is no longer valid
The European Court of Justice has invalidated the EU - U.S. Privacy Shield: Schrems II case, that allowed the transfer of personal data between the two regions, stating that personal data protection and its judicial protection in the U.S. is not in keeping with requirements of EU law.
This will affect any future contracts determining whether data can be transferred to a U.S. based company. UCL has produced a short guidance note based on the initial impact of this decision. If you have any queries surrounding this issue after reading our guidelines, please contact the data protection office before doing so on: email@example.com.
Impact of Covid-19
We understand this is a worrying time for UCL staff and students with many business processes changing as a result of the impact of Covid-19, which results in questions around how to protect personal data when working in a different manner.
We have produced two sets of guidance to answer the most frequently asked questions:
- Guidance for research and ethical approval in light of the COVID-19 pandemic
- Covid-19 Data Protection FAQs
In addition, as we currently need to prioritise research related to Covid-19, researchers in other areas looking to register their research with data protection may find the following FAQs helpful:
Data protection legislation protects individuals personal data by setting standards for the processing of their information and requiring those processing personal data to comply with these standards.