The GDPR Programme Team in conjunction with the Data Protection Office are putting on a Data Protection Roadshow spanned over 2 weeks in November 2019.

If you would like to find out more about what GDPR means for all staff at UCL and want to better understand the practical application of the Data Protection legislation, this series of events is for you. The roadshow will cover UCL’s approach to discharging our legal responsibilities, what future projects are planned to improve Data Protection at UCL and how to adopt best practice in data management.

Follow this link to register your attendance: Data Protection Roadshow 21-28 November 2019

For Frequently Asked Questions about Data Protection and GDPR in Library Services, you can visit the new LibNet page.

The new mandatory training on the General Data Protection Regulations for all UCL staff has now launched.

You can follow the steps in the below to enrol and complete the training. The training module takes around 30-40 minutes. All staff must complete the training by 31 October 2018. Prizes will be awarded to the three Divisions in UCL that complete it fastest.

Instructions to access the training are also available on the UCL GDPR webpage.

Please note that the Library GDPR Coordination Group is preparing a Privacy Notice for Library Visitors to complement the existing Staff and Student Privacy Notices. There should be no need for additional Privacy Notices for specific Library Sites or Services.

If you have any questions about GDPR in Library Services, please contact Lib-GDPR@ucl.ac.uk.

It is only a few days before new regulations become law, with the implementation of GDPR from 25 May 2018. The Provost noted in TheWeek@UCL last week that UCL is preparing for the new law to take effect, with a number of activities being coordinated by the UCL GDPR Project Board (https://www.ucl.ac.uk/news/staff/staff-news/copy4_of_january-2018/02052018-ucl-preparations-gdpr). The Provost noted that “it is […] not possible to be fully compliant on day one, nor does the Information Commissioner’s Office (ICO) expect us to be. The ICO does however expect us to be continually looking to identify the risks to privacy and addressing these.”

Following an initial assessment, the GDPR team does not feel Library Services is a ‘high-risk’ area: there is good practice within the Library and other parts of the university process larger volumes of sensitive personal data. However, this is an opportunity for us all to reflect on how we process personal data and change our practice where it is not in line with the new regulations. A survey is about to be shared with all staff across UCL. I would like to stress that at this stage, we want to identify how personal data is processed without seeking to assign blame or penalties for historic bad practice. Referring to the Provost’s message (as above):

“The survey will not gather any personal information about the respondent, and we will be issuing an ‘amnesty’ across the university regarding current data collection, processing, and retention practices. The survey is intended to be a tool for UCL to provide baseline understanding of its risk of non-compliance with GDPR, so that we can prioritise areas of concern for further investigation and action. This survey will also help us to identify areas where we may find ‘quick wins’ – small changes that can completely mitigate risks identified. We need staff to engage with this survey fully so that the university as a whole can become compliant.”

We cannot afford to be complacent, and whilst UCL will roll out initiatives at an institutional level (including a survey and mandatory training), we can also take action as a department. Please see below for important news about how to raise your queries about GDPR, mandatory training which you must undertake this summer and also, if you are interested, a free webinar on research data and GDPR.

• Library enquiries about GDPR

We have established an email address lib-gdpr@ucl.ac.uk. If you have any queries relating to GDPR in your area of work, and have not dared to ask until now, please email us and we will advise or refer enquiries to the central UCL team as appropriate.

• Important: Mandatory training for Library Services staff

The April edition of the Core Brief included an update on GDPR and strongly encouraged all Library Services staff to undertake training on data protection which is currently available from Moodle. Following discussion at Library SMT, this training is now mandatory and must be completed by the end of August. This will provide a solid basis for future GDPR training which UCL will implement later in the summer.

Please undertake the Data Protection, Information Security and Freedom of Information training in Moodle to ensure that you understand the regulations and UCL’s policies, and that you can ensure we handle personal data with due care and attention.

Additional information

For more information on GDPR, you can visit the UCL GDPR Preparedness website, which also provides background information on GDPR . The GDPR homepage includes a 20-minute webinar by UCL Legal Services, covering 9 key elements of GDPR and how they impact on UCL. The page also includes FAQs, which are updated regularly: https://www.ucl.ac.uk/legal-services/ucl-general-data-protection-regulation-gdpr