GDPR at Ulster University

Information on Ulster University's approach to GDPR.

The General Data Protection Regulation ("GDPR") came into force across the European Union on 25th May 2018 and along with the Data Protection Act 2018, replaces the Data Protection Act 1998.

The new Regulation seeks to better protect individual’s rights around privacy and personal data in view of the rapid changes in technology that have occurred since 1998.

The University is already compliant in respect of most of the GDPR requirements including the requirement to document data held, communicate privacy information, maintain records of processing activities and report notifiable breaches.

The University Secretary, Mr Eamon Mullan, is the University’s designated Data Protection Officer. The Data Protection Officer has the primary responsibility for coordinating Data Protection compliance across the University, including reporting, and is the ultimate arbitrator within the University in respect of Data Protection matters.

The most significant changes relate to the extended rights of data subjects (people about whom data is held).

We are currently updating our policies and guidance to adopt the new legislation.

Ulster's GDPR Policy

PDF document of Ulster University's General Data Protection Regulation Policy.

Privacy notice

A Privacy Notice informs data subjects (people about whom personal data is held) when, why and how their personal data is used by the University.

Key Terms

Key terms you need know covered in the EU GDPR.

Training and resources

Update of the training is compulsory for all university staff.

Individual's Rights

GDPR provides data subjects (people about whom personal data is held) with important rights.

The ICO’s 12 Steps

PDF outlining 12 steps to take now in preparing for the GDPR.

Ulster's GDPR preparations

Information on what Ulster University is doing to prepare for GDPR.

Golden rules for protecting personal data

  • Ensure that data are kept securely in terms of physical security of offices and filing cabinets.
  • Beware when sharing personal data – always ask why?
  • Ensure that the use of, and access to, computers, laptops and other portable electronic data processing/storage devices is compliant with University guidance.
  • Never share your password with anyone.
  • Be wary of web links in emails and on websites.
  • Ensure that access to personal data is restricted only to authorised persons.
  • Ensure that personal data are retained only for the period of time for which it is required.
  • Always ensure that data is disposed of securely and records retained.

Third Party Data Processing Agreement

Please review the document with explanatory notes before using the templates.

Download Template

For more information

Contact or the Office of the University Secretary for further information