General Data Protection Regulation

Share this page

The General Data Protection Regulation was adopted by the EU in April 2016 and will come into force in May 2018.Although there is a two-year lead-in period, it is vital that universities use all of this time to prepare as the Regulation introduces some significant changes.

The Regulation has an extended territorial reach.It applies to all organisations that process EU residents’ personal data – regardless of where those organisations are based.The location of the person whose data is being controlled or processed is now as relevant as the location of the organisation controlling or processing their data.

The Regulation allows organisations to deal with only one supervisory authority.For EU based organisations this will be their home state and for other organisations the authority in the EU state where they do most business.While the UK remains within the EU, the Information Commissioner’s Office will be the relevant supervisory authority for British universities.

Non-compliance exposes organisations to a two tier system of significantly increased penalties.Lower tier penalties, defined as fines up to 2% of prior year worldwide turnover or €10 million (whichever is greater), may be incurred for breaches such as: a failure to meet the Regulation’s privacy by design provisions; inadequate contracts between data controllers and data processors; or poor record keeping.Upper tier penalties of up to the greater of 4% of worldwide turnover or €20 million can be incurred for poor information security practices; failure to obtain proper consent; or unlawful data transfers to countries outside of the European Economic Area.


Industry news and commentary from Uniac

Managing IR35 Requirements

In December 2021, we explored the impact of the IR35 legislation from a HE perspective. We detail current requirements, risks…

Modern Slavery Act 2015

The Modern Slavery Act (2015) obliges all organisations, including universities, whose annual turnover exceeds £36 million, to…

Internal Audit and Climate Change

An update to our April 2021 ‘Sustainability in Higher Education’ paper emphasising the increasing drive to talk about…

See more

Latest from the Uniac blog

Need some more information?