GDPR at Ulster University
Information on Ulster University's approach to GDPR.
The General Data Protection Regulation ("GDPR") came into force across the European Union on 25th May 2018 and along with the Data Protection Act 2018, replaces the Data Protection Act 1998.
The new Regulation seeks to better protect individual’s rights around privacy and personal data in view of the rapid changes in technology that have occurred since 1998.
The University is already compliant in respect of most of the GDPR requirements including the requirement to document data held, communicate privacy information, maintain records of processing activities and report notifiable breaches.
The University Secretary, Mr Eamon Mullan, is the University’s designated Data Protection Officer. The Data Protection Officer has the primary responsibility for coordinating Data Protection compliance across the University, including reporting, and is the ultimate arbitrator within the University in respect of Data Protection matters.
The most significant changes relate to the extended rights of data subjects (people about whom data is held).
We are currently updating our policies and guidance to adopt the new legislation.
A Privacy Notice informs data subjects (people about whom personal data is held) when, why and how their personal data is used by the University.
GDPR provides data subjects (people about whom personal data is held) with important rights.
Golden rules for protecting personal data
- Ensure that data are kept securely in terms of physical security of offices and filing cabinets.
- Beware when sharing personal data – always ask why?
- Ensure that the use of, and access to, computers, laptops and other portable electronic data processing/storage devices is compliant with University guidance.
- Never share your password with anyone.
- Be wary of web links in emails and on websites.
- Ensure that access to personal data is restricted only to authorised persons.
- Ensure that personal data are retained only for the period of time for which it is required.
- Always ensure that data is disposed of securely and records retained.
Third Party Data Processing Agreement
Please review the document with explanatory notes before using the templates.
For more information
Contact firstname.lastname@example.org or the Office of the University Secretary for further information