GDPR at Ulster University

GDPR at Ulster University

Information on Ulster University's approach to GDPR.

On 25 May 2018, the General Data Protection Regulation (GDPR) will replace the outgoing Data Protection Act 1998 (DPA) and will apply to all EU member states.

The new Regulation seeks to better protect individual’s rights around privacy and personal data in view of the rapid changes in technology that have occurred since 1998.

The University is already compliant in respect of most of the GDPR requirements including the requirement to document data held, communicate privacy information, maintain records of processing activities and report notifiable breaches.

The most significant changes relate to the extended rights of data subjects (people about whom data is held).

We are currently updating our policies and guidance to adopt the new legislation.

Ulster's GDPR Policy

PDF document of Ulster University's General Data Protection Regulation Policy.

The ICO’s 12 Steps

PDF outlining 12 steps to take now in preparing for the GDPR.

Ulster's GDPR preparations

Information on what Ulster University is doing to prepare for GDPR.

Privacy notice

A Privacy Notice informs data subjects (people about whom personal data is held) when, why and how their personal data is used by the University.

Key Terms

Key terms you need know covered in the EU GDPR.

Training and resources

Update of the training is compulsory for all university staff.

Individual's Rights

GDPR provides data subjects (people about whom personal data is held) with important rights.

Golden rules for protecting personal data

  • Ensure that data are kept securely in terms of physical security of offices and filing cabinets.
  • Beware when sharing personal data – always ask why?
  • Ensure that the use of, and access to, computers, laptops and other portable electronic data processing/storage devices is compliant with University guidance.
  • Never share your password with anyone.
  • Be wary of web links in emails and on websites.
  • Ensure that access to personal data is restricted only to authorised persons.
  • Ensure that personal data are retained only for the period of time for which it is required.
  • Always ensure that data is disposed of securely and records retained.

For more information

Contact or the Office of the University Secretary for further information