Contact Us

By telephone
During office hours
(Monday-Friday 08:30-17:00)
+44 (0)1234 400 400

Outside office hours
(Campus Watch)
+44 (0)1582 74 39 89

By email (admissions) (international) (student support) (registration) (exchanges)

By post
University of Bedfordshire
University Square


GDPR - General Data Protection Regulations

What is GDPR?

On 25 May 2018, new General Data Protection Regulations (GDPR) will be coming into force.

GDPR will replace the current UK Data Protection Act and is designed to strengthen privacy rules and requirements around how information relating to individuals can be used.

GDPR also updates and unifies data protection law across Europe.

Why does the University collect personal data?

The University needs to collect and process personal data in order to provide necessary services to its students, manage its operations effectively, and meet certain legal requirements.

How will GDPR affect me?

Currently, we handle and process your personal data in accordance with the Data Protection Act 1998. From 25 May 2018, we shall be required by law to process your personal data in accordance with GDPR, which will supersede the current Data Protection Act. This will affect all UK organisations which handle and/or process data.

What is the University doing about it?

We have made changes to ensure that we are compliant with the new regulations. This includes writing a new Privacy Notice (insert link) which outlines what data we collect, who we share it with and for what purpose.

We are also updating our terms and conditions and continuing and new students will need to read and sign this at registration in the autumn or whenever your registration occurs after 25 May 2018.

What do I need to do now?

Please read our new privacy notice to find out how we will process your personal data under the new General Data Protection Regulations (GDPR)

What if I have questions about GDPR?

We have included some FAQ below, however, if you have any other questions relating to GDPR, please contact the Student Information Desk

When does GDPR become law?

GDPR comes into force in all EU nations, including the UK, on 25 May 2018.

What about Brexit?

GDPR is an EU Regulation; however Brexit will not affect the introduction of the regulations. The UK government is in the process of introducing legislation which incorporates the requirements under GDPR. This will replace the current Data Protection Act.

How do you define Personal Data?

Personal data is any information relating to an identifiable individual.  It can identify the individual directly or indirectly (i.e. in combination with other information), so could include name, identification number, online identifier, location data, or other factors specific to the physical, genetic, mental, economic, cultural or social identity of the person.

How is the GDPR different from the Data Protection Act?

GDPR introduces new requirements for organisations who handle personal data, including a need to be able to demonstrate compliance to a greater extent than previously.  It also establishes stronger rights for individuals designed to give them more control over how their personal data is used.  It strengthens the regulatory environment and introduces enhanced penalties for non-compliance.  It is intended to account for dramatic changes in the way that personal data is used, and the technological advances enabling this, that have occurred since the current Data Protection Act was introduced.

What are the GDPR principles?

GDPR contains six key principles, or golden rules, which say that personal data must be:

  • i) Processed lawfully, fairly and transparently.
  • ii) Collected for specified and legitimate purposes and not further used for other purposes incompatible with these (however, this rule is amended where the further purpose involves research).
  • iii) Adequate, relevant and limited to what is necessary.
  • iv) Accurate and kept up to date.
  • v) Only kept for as long as necessary for the purpose it was obtained for (however, this rule is amended where the data is being used for research).
  • vi) Processed in a manner ensuring appropriate security.

What does “Processing” of personal data mean?

It means any operation or set of operations that is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, erasure or destruction

Bedfordshire University

About us» Our University» Public Information» GDPR