Personal information and calendars

GDPR has been a hot topic for over a year now and it isn’t going to go away! Each month, the SRS newsletter will contain some basic data protection information that we all need to be aware of as part of our day-to-day work. This month, we will look at Calendars.

If you have any questions, comments or if there is anything in particular that you would like to see covered, please let Lucy know by emailing srs-compliance@ucl.ac.uk or l.minks@ucl.ac.uk.

Using your Outlook calendar

All members of SRS have access to personal Microsoft Outlook calendars, which are undoubtedly a useful resource for managing work time and appointments. The default settings for SRS allow other members of the division to access information held in calendars, so we must be mindful of what information we store there. This is especially important when using Outlook calendars to arrange appointments with or about students (or prospective students).

In general, we should follow these rules: 

• Calendars should not be used to store or send special category data or any personal data that could identify students as using a UCL service related to health or wellbeing
• We should not store or send documents that contain students personal data in the Outlook calendar
• If there is a justifiable reason for holding such data in your calendar, we should set the appointment to private using the ‘private’ option (symbolised by a padlock on the ribbon)

Please note that ‘Personal data’ means any information relating to an identified or identifiable person. This includes pseudonymised personal data, such as a student ID number. 

Further information about calendar privacy settings can be found on the Information Services Division website. 

If you are concerned about any of this information, please don’t hesitate to contact Lucy Minks.