The General Data Protection Regulation (GDPR) comes into force on the 25 May 2018 and will replace Data Protection Act, 1998 (DPA). UCL has designed a comprehensive Programme of work designed to deliver the changes necessary for GDPR compliance. We will continue to update this statement as the work develops and progresses.
As part of our legal obligations we have published Staff, Student and General Privacy notices. Where require local privacy notices will be issued to inform individuals about what personal data is gathered, how it is used, stored and retained.
UCL also has a data protection policy that sets out our commitment to the safeguarding of personal data processed by its staff and students and our stances on compliance with data protection legislation. This policy describes how UCL will discharge its duties in order to ensure compliance with the data protection principles and rights of data subjects in particular and will be updated for GDPR in due course.
You can find information about the changes from the Information Commissioner's Office (ICO). The ICO is the UK regulator who oversees compliance with data protection legislation.
UCL Privacy Notices
- General privacy notice
- Staff privacy notice
- Student privacy notice
- UCL Data Protection Policy this is under review and will be updated in due course
There may be instances where local privacy notices are used to provide additional information about a UCL service. Please check these as you engage with them.