On 25 May 2018, the new General Data Protection Regulations (GDPR) came into force.
GDPR and the new Data Protection Act 2018 (DPA 2018) replaced the old UK Data Protection Act 1998, and strengthened privacy rules and requirements around how information relating to individuals can be used.
GDPR also updates and unifies data protection law across Europe.
The University needs to collect and process personal data in order to provide necessary services to its students, manage its operations effectively, and meet certain legal requirements.
We are required by law to process your personal data in accordance with GDPR and the DPA 2018, which have superseded the old Data Protection Act. This affects all UK organisations which handle and/or process data.
We have made changes to ensure that we are compliant with the new regulations. This includes writing a Privacy Notice which outlines what data we collect, who we share it with and for what purpose.
We have also updated our terms and conditions which continuing and new students will need to read and sign at registration.
Please read our new privacy notice to find out how we will process your personal data under the General Data Protection Regulations (GDPR)
We have included some FAQ below, however, if you have any other questions relating to GDPR, please contact the Data Protection Officer DPO@beds.ac.uk
GDPR is an EU Regulation; however Brexit has not affected the introduction of the regulation. The UK government has introduced the Data Protection Act 2018, which incorporates the requirements under GDPR.
Personal data is any information relating to an identifiable individual. It can identify the individual directly or indirectly (i.e. in combination with other information), so could include name, identification number, online identifier, location data, or other factors specific to the physical, genetic, mental, economic, cultural or social identity of the person.
The new data protection legislation introduces new requirements for organisations who handle personal data, including a need to be able to demonstrate compliance to a greater extent than previously. It also establishes stronger rights for individuals designed to give them more control over how their personal data is used. It strengthens the regulatory environment and introduces enhanced penalties for non-compliance. It is intended to account for dramatic changes in the way that personal data is used, and the technological advances enabling this, that have occurred since the old Data Protection Act was introduced.
GDPR contains seven key principles, or golden rules, which say that personal data must be:
It means any operation or set of operations that is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, erasure or destruction
During office hours
+44 (0)1234 400 400
Outside office hours
+44 (0)1582 74 39 89
University of Bedfordshire
UK, LU1 3JU