XClose

Data Protection

Menu

Data Protection Overview

University College London (UCL) is committed to complying with data protection legislation, including the Data Protection Act (DPA 2018) and the UK General Data Protection Regulation (UK GDPR). This ensures that all personal data is processed lawfully, fairly, and transparently.

Key Principles

UCL adheres to the following data protection principles:

  1. Lawfulness, Fairness, and Transparency: Personal data must be processed lawfully, fairly, and in a transparent manner.
  2. Purpose Limitation: Data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
  3. Data Minimisation: Data collected must be adequate, relevant, and limited to what is necessary.
  4. Accuracy: Personal data must be accurate and kept up to date.
  5. Storage Limitation: Data must be kept in a form that permits identification of data subjects for no longer than necessary.
  6. Integrity and Confidentiality: Data must be processed in a manner that ensures appropriate security.

Data Protection Officer (DPO)

UCL has appointed a Data Protection Officer to oversee compliance with data protection laws and to provide guidance to staff and students. The DPO can be contacted at data-protection@ucl.ac.uk.

Mandatory Training 

All staff must complete the mandatory data protection training module. This training is essential to ensure that everyone understands their responsibilities regarding data protection.

Personal Data

Personal data refers to any information relating to an identifiable person. This includes names, addresses, identification numbers, and other identifying information.

Special Category Data

Special category data includes information on racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, sex life, or sexual orientation. Processing this data requires additional safeguards.

Data Breaches

UCL has a comprehensive data breach response plan to handle such incidents. In the event of a data breach, it must be reported immediately to the Information Security Group (ISG) and DPO as soon as it is discovered.

If for any reason you are unsure whether an issue constitutes a personal data security breach or if it seems minor or a near miss, please still report it by completing the Personal Data Breach Reporting Form.

International Data Transfers

UCL ensures that any transfer of personal data outside the UK complies with data protection laws. This includes using appropriate safeguards such as Standard Contractual Clauses or ensuring the receiving country has adequate data protection laws

 

support

Guidance

In-depth information about data protection legislation at UCL including helpful guidance notices for all staff and students at UCL.

    fdsgdgfd

    Online Training

    This page provides UCL staff and students with details on how to access UCLs online data protection / GDPR training.