General Data Protection Regulation

Share this page

The General Data Protection Regulation was adopted by the EU in April 2016 and will come into force in May 2018.Although there is a two-year lead-in period, it is vital that universities use all of this time to prepare as the Regulation introduces some significant changes.

The Regulation has an extended territorial reach.It applies to all organisations that process EU residents’ personal data – regardless of where those organisations are based.The location of the person whose data is being controlled or processed is now as relevant as the location of the organisation controlling or processing their data.

The Regulation allows organisations to deal with only one supervisory authority.For EU based organisations this will be their home state and for other organisations the authority in the EU state where they do most business.While the UK remains within the EU, the Information Commissioner’s Office will be the relevant supervisory authority for British universities.

Non-compliance exposes organisations to a two tier system of significantly increased penalties.Lower tier penalties, defined as fines up to 2% of prior year worldwide turnover or €10 million (whichever is greater), may be incurred for breaches such as: a failure to meet the Regulation’s privacy by design provisions; inadequate contracts between data controllers and data processors; or poor record keeping.Upper tier penalties of up to the greater of 4% of worldwide turnover or €20 million can be incurred for poor information security practices; failure to obtain proper consent; or unlawful data transfers to countries outside of the European Economic Area.


Industry news and commentary from Uniac

Artificial Intelligence

In this briefing paper, we look at the risks, benefits, and application of AI in the HE sector.

Student Hardship

In response to the cost of living crisis, universities are stepping up their efforts to support students through a variety of…

Governance and OfS Compliance

It’s been almost five years since the first English universities were approved for inclusion in the Office for Students’ (OfS’)…

See more

Latest from the Uniac blog

Silla Maccario RIP

Silla has been our colleague since July 2004. Talented, individual, passionate, dedicated (and maybe sometimes a little bit…

Need some more information?