GDPR at Ulster University
On 25 May 2018, the General Data Protection Regulation (GDPR) will replace the outgoing Data Protection Act 1998 (DPA) and will apply to all EU member states.
The new Regulation seeks to better protect individual’s rights around privacy and personal data in view of the rapid changes in technology that have occurred since 1998.
The University is already compliant in respect of most of the GDPR requirements including the requirement to document data held, communicate privacy information, maintain records of processing activities and report notifiable breaches.
The most significant changes relate to the extended rights of data subjects (people about whom data is held).
We are currently updating our policies and guidance to adopt the new legislation.
Golden rules for protecting personal data
- Ensure that data are kept securely in terms of physical security of offices and filing cabinets.
- Beware when sharing personal data – always ask why?
- Ensure that the use of, and access to, computers, laptops and other portable electronic data processing/storage devices is compliant with University guidance.
- Never share your password with anyone.
- Be wary of web links in emails and on websites.
- Ensure that access to personal data is restricted only to authorised persons.
- Ensure that personal data are retained only for the period of time for which it is required.
- Always ensure that data is disposed of securely and records retained.
For more information
Contact email@example.com or the Office of the University Secretary for further information