GDPR: Announcements

Links to announcements about UCL's preparations for GDPR.

2018

• UCL Provost, Michael Arthur's message update on UCL GDPR online training (07 November 2018)
• UCL Provost, Michael Arthur's message regarding All staff GDPR online training: Launch (05 September 2018)
• UCL Provost, Michael Arthur's message regarding Data Protection Legislation training for all UCL staff (23 August 2018)
• Professor Graham Hart - General Data Protection Regulation (GDPR): Update (22 February 2018)
• UCL Provost, Michael Arthur's message in the Week@UCL

What the Programme team has introduced so far:

• New: Guidance for researchers on appropriate safeguards under GDPA (2016) and DPA (2018) 
• New: Guidance for supervisors on data protection where students are processing personal data
• New: UCL general research participant privacy notice
• New: guidance note on transfering personal data outside the EEA
• Updated Subject Access Request form 
• Accessible version of the GDPR Online Training
• New Privacy Notice for prospective students
• UCL GDPR Online Training
• Updated FAQs
• Updated Privacy Policy for the collection of staff and student data.
• Guidance notes for UCL staff; historical mailing lists; images and videos in relation to GDPR; handing personal data responsibly; writing a privacy policy; Data Privacy Impact Assessment (DPIA); implications of GDPR and DPA 2018 for researchers, 'legitimate interests' as a lawful basis for processing personal information, Research with Children: Guidance on Data Protection Issues; Using Out of Office messages and dealing with information rights requests; guidance on using email; loss of personal data (data breach).
• Publication of a staff briefing pack.
• Launched UCL’s Data Protection Impact Assessment and guidance.
• Roll out of the GDPR sceening survey (compliance survey) to a cross section of departments and faculties (designed to capture information about data collection, processing and storage practices which will provide a baseline understanding of the risk of non-compliance with GDPR).
• Assess the legal basis for processing data and publish our interpretation of GDPR.

Over the coming weeks and months, the programme team will introduce:

• Reviewing and amending high-risk processing contracts.
• Guidance notice on consent forms, and marketing & PECR.
• Deliver new GDPR information security and information governance training.