Data protection policy

Provides detailed information and advice to ensure compliance with data protection law.


UCL collects, stores and processes the personal data of living individuals such as its staff, students, contractors, research subjects and customers in order to carry out its functions. This processing is regulated by the General Data Protection Regulation 2016 and Data Protection Act 2018 (’data protection law’).  

Personal data can be defined as any information relating to an identified or identifiable person who can be identified – directly or indirectly – by reference to an identifier such as name, an identification number, location data or online identifier. 

The policy covers all UCL activities and processes in which personal data is used, whether in electronic or manual form, and provides a framework for its staff, students and other stakeholders to work within to ensure compliance. The policy forms part of UCL’s commitment to the compliant processing of personal data.

Contents include

•    Accountable roles 
•    Policy statements 
•    Dependencies
•    Related documents 
•    Stakeholders
•    Policy owner
•    Policy contact
•    Review Plan 
•    Sanctions
•    Complaints
•    UCL’s Governance Framework
•    History

Policy link

Data protection policy



Last updated: Tuesday, August 13, 2019