Skip to main content


The General Data Protection Regulation (GDPR) came into force on the 25 May 2018. UCL has designed a comprehensive Programme of work designed to deliver the changes necessary for GDPR compliance. We will continue to update this statement as the work develops and progresses.

As part of our legal obligations we have published Staff, Student and General Privacy notices. Where required local privacy notices will be issued to inform individuals about what personal data is gathered, how it is used, stored and retained.

UCL also has a data protection policy that sets out our commitment to the safeguarding of personal data processed by its staff and students and our stances on compliance with data protection legislation. This policy describes how UCL will discharge its duties in order to ensure compliance with the data protection principles and rights of data subjects in particular and will be updated for GDPR in due course.

You can find information about the changes from the Information Commissioner's Office (ICO). The ICO is the UK regulator who oversees compliance with data protection legislation. Information Commissioner's Office Guide to the GDPR.

You can find a full list of UCL privacy notices at