Ensure that my work is GDPR compliant
Before you start
Data protection legislation gives people the right to know what information is held on them and requires the university to ensure that personal information is handled according to seven principles:
- Lawfulness, fairness and transparency;
- Purpose limitation;
- Data minimisation;
- Accuracy;
- Storage limitation;
- Integrity and confidentiality; and
- Accountability.
In addition to the above principles, the legislation also introduces new requirements such as privacy by design, privacy impact assessments and tougher information security controls.
Every member of staff at UCL is expected to have completed information compliance training, which includes GDPR Training.
If you have not already done this, please do so at your earliest opportunity.
Please see step 2, below.
- 1. Understand how GDPR affects you
GDPR affects every part of the university and every operation that involves personal data, i.e. information relating to an identified or identifiable living person. Everyone has an individual responsibility to help with the compliance effort.
- 2. Complete the relevant training
Information compliance training is mandatory for staff (including honorary staff) and PhD students.
- 3. Report any data breaches IMMEDIATELY
In cases where there has been a security incident involving personal information, UCL has only 72 hours to report such breaches to the Regulator.
- 4. Follow email best practice
Please read and follow UCL’s Email Policy. There is also a guidance note on good email practice that you should follow.