During office hours
+44 (0)1234 400 400
Outside office hours
+44 (0)1582 74 39 89
University of Bedfordshire
UK, LU1 3JU
On 25 May 2018, new General Data Protection Regulations (GDPR) will be coming into force.
GDPR will replace the current UK Data Protection Act and is designed to strengthen privacy rules and requirements around how information relating to individuals can be used.
GDPR also updates and unifies data protection law across Europe.
Why does the University collect personal data?
The University needs to collect and process personal data in order to provide necessary services to its students, manage its operations effectively, and meet certain legal requirements.
Currently, we handle and process your personal data in accordance with the Data Protection Act 1998. From 25 May 2018, we shall be required by law to process your personal data in accordance with GDPR, which will supersede the current Data Protection Act. This will affect all UK organisations which handle and/or process data.
We have made changes to ensure that we are compliant with the new regulations. This includes writing a new Privacy Notice (insert link) which outlines what data we collect, who we share it with and for what purpose.
We are also updating our terms and conditions and continuing and new students will need to read and sign this at registration in the autumn or whenever your registration occurs after 25 May 2018.
Please read our new privacy notice to find out how we will process your personal data under the new General Data Protection Regulations (GDPR)
We have included some FAQ below, however, if you have any other questions relating to GDPR, please contact the Student Information Desk firstname.lastname@example.org
GDPR comes into force in all EU nations, including the UK, on 25 May 2018.
GDPR is an EU Regulation; however Brexit will not affect the introduction of the regulations. The UK government is in the process of introducing legislation which incorporates the requirements under GDPR. This will replace the current Data Protection Act.
Personal data is any information relating to an identifiable individual. It can identify the individual directly or indirectly (i.e. in combination with other information), so could include name, identification number, online identifier, location data, or other factors specific to the physical, genetic, mental, economic, cultural or social identity of the person.
GDPR introduces new requirements for organisations who handle personal data, including a need to be able to demonstrate compliance to a greater extent than previously. It also establishes stronger rights for individuals designed to give them more control over how their personal data is used. It strengthens the regulatory environment and introduces enhanced penalties for non-compliance. It is intended to account for dramatic changes in the way that personal data is used, and the technological advances enabling this, that have occurred since the current Data Protection Act was introduced.
GDPR contains six key principles, or golden rules, which say that personal data must be:
It means any operation or set of operations that is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, erasure or destruction