Legal Services


Data Protection Overview

UCL is required by law to comply with the Data Protection Act, 1998 (DPA). The UK’s regulator for the DPA is the Information Commissioner’s Office.  It is the commitment of the university to ensure that every current employee and registered student complies with this Act to ensure the confidentiality of any personal data held by UCL, in whatever medium. This Act came into force on 1 March 2000.

UCL processes the personal data of living individuals such as its staff, students, contractors, research subjects and customers.  To assist you with this legislation we have developed guidance including the forms for its administration.

UCL has a data protection policy as a commitment to the safeguarding of personal data processed by its staff and students, and to ensure compliance with the DPA.

It is the duty of data controllers such as UCL to comply with the data protection principles with respect to personal data.  This policy describes how UCL will discharge its duties in order to ensure continuing compliance with the DPA in general and the data protection principles and rights of data subjects in particular.

For more information, updates, and useful links, please visit our Guidance pages.