UCL Planning Team


Transparency, Security & Privacy


Our customers have told us that, in principle, all management information should be made open and transparent. This is because insight can be gained from comparative management information that allows users to learn from others. We recognise, however, that there may be exceptions. For example, we are legally required to restrict access to certain datasets, especially data concerning individuals (for example student and staff records).  


We are conscious of the need to restrict access to sensitive information to appropriate audiences. As we begin the delivery of new management information in new ways, implementing a comprehensive security model will be a priority. The first management information reports we release (on admissions and pre-award grants) will not contain any personal data. 

Responsibilities in using Management Information

In requesting access to management information and the Tableau reports, you agree that you:

1. Are familiar with UCL's Data Protection Policy.

2. Have completed the Data Protection Training, accessed via Moodle.

3. Have completed UCL Information Security Awareness training, accessed via Moodle.

4. Are familiar with any additional data retention policies which exist in your department.

The Data and Insight Service complies with all requirements with regards to data protection, freedom of information and privacy. A complete description of these legal requirements is available on the UCL Legal Services website.

As some data in the Tableau reports may be confidential and may include individualised staff or student information, you must ensure compliance with UCL's approaches to handling sensitive data as outlined in UCL's Information Security Policy (password protected).

General Data Protection Regulation (GDPR)

The General Data Protection Regulation legislation came into effect in May 2018. The GDPR has changed the way in which organisations, like UCL, collect, use and transfer personal data.

GDPR legislation has affected the provision of the Data & Insight service from May 2018. The service will consider the different types of processing it carries out as part of its activities, to ensure compliance.

Whilst the Data & Insight service can still rely on consent as a legal basis to process personal data, a data subject must be given an easy way to withdraw it. Consent must still be 'explicit' for the processing of sensitive data, renamed 'special category' data under GDPR. A data controller will need to demonstrate that such consent has been given.

More information concerning how GDPR legislation affects UCL is available on the UCL Legal Services website.


Contact the Data & Insight team