Data Protection


Data Protection Overview

UCL is required by law to comply with data protection legislation (Data Protection Act (DPA 2018) and General Data Protection Regulation (GDPR)), it is committed to ensure that every member of staff and registered student protects personal data by making sure that they process it lawfully, fairly and transparently.

Personal data means information which relates to a living, identifiable person. It can include names, addresses, telephone numbers, email addresses but it is wider than that and includes any other information relating to that person or a combination of information which, if put together, means that the person can be identified.  

Everyone who processes personal data on behalf of UCL must ensure that they comply with the university’s data protection policy. As part of meeting our legal obligations, UCL has appointed a Data Protection Officer (DPO) and has put in place a comprehensive programme to comply with our obligations as a data controller and ensure that appropriate technical and organisational measures are in place.



In-depth information about data protection legislation at UCL including helpful guidance notices for all staff and students at UCL.


    Online Training

    This page provides UCL staff and students with details on how to access UCLs online data protection / GDPR training.