General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)

The GDPR comes into effect on 25 May 2018.  The implementation will require comprehensive changes to the way in which organisations, like Queen's University Belfast, collect, use and transfer personal data.

How will it differ from the Data Protection Act 1998 (DPA)?

The GDPR has been designed not only to harmonise Data Protection practices across the European Union, but specifically to strengthen the rights of Data Subjects.  For example:

  • The standards required for gaining consent to process personal data are higher - consent must be unambiguous, informed and demonstrable.
  • Organisations will be required to report significant data breaches to the Information Commissioner's Office within 72 hours.
  • The penalties for non-compliance are significantly higher than under the DPA - with a potential fine of up to €20m.


The University is ensuring that its processes and procedures will comply with the GDPR.  Please revisit this page as further information is posted.

The Information Commissioner's Office has published an Overview to the GDPR and a summary "12 Steps to take Now".

If you have any questions please contact the Information Compliance Unit by telephone on 028 9097 2506 or by emailing