Data Protection


Data Protection Policy

The Data Protection Policy sets out how UCL protects personal data. It is a set of principles, rules and guidelines that informs how all users will ensure ongoing compliance with data protection laws.


UCL collects, stores and processes the personal data of living individuals such as its staff, students, contractors, research subjects and customers in order to carry out its functions. This processing is regulated by the General Data Protection Regulation and the Data Protection Act. The purpose of this policy and the accompanying Data Protection Implementation Guidance is to provide detailed information and advice to ensure compliance with data protection law. The policy covers all UCL activities and processes in which personal data is used, whether in electronic or manual form, and provides a framework for its staff, students and other stakeholders to work within to ensure compliance. The policy forms part of UCL’s commitment to the compliant processing of personal data.

Contents include

Accountable roles
Policy statements
Related documents

Who should read this policy

All staff
Temporary staff
Teaching staff
Student support staff


UCL Data Protection Policy

Last updated: Tuesday, August 13, 2019