The General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a European Union regulation designed to strengthen and unify Data Protection within the EU. GDPR will replace the existing Data Protection Act when it comes into effect on 25th May 2018.
LCC International University handles significant amount of personal data and takes data privacy very seriously. The University works continuously to ensure its policies and processes are up-to-date.
The introduction of the General Data Protection Regulation (GDPR) in May 2018 provides the University with an opportunity to further strengthen the way it protects people’s data and ensure that privacy is central to what the institution does.
The principles of the GDPR require that personal data shall be:
- Processed fairly, lawfully and transparently – and only if there is a valid ‘legal basis’ for doing so.
- Processed only for specified, explicit and legitimate purposes.
- Adequate, relevant and limited.
- Accurate (and rectified if inaccurate).
- Not kept for longer than necessary.
- Processed securely – to preserve the confidentiality, integrity and availability of the personal data.
What new rights do people have under the GDPR?
The GDPR creates some new rights for individuals. The rights are set out below; these are subject to many exceptions and will not always apply to all circumstances:
- The right to be informed of how their personal data are being used – usually via Privacy Notices.
- The right of access to their personal data – usually submitted as a Subject Access Request.
- The right to rectification of data.
- The right to be forgotten.
- The right to restrict processing of their personal data.
- The right to data portability.
- The right to object – includes profiling, direct marketing and processing for research.
- Rights in relation to automated decision making and profiling.
What are your responsibilities?
We would like to remind you that it is your responsibility to ensure, to the best of your knowledge, that the Data you provide us with is accurate, complete, and up-to-date. If you choose to share Personal Data of other people (such as dependents) with us, it is your responsibility to collect such Data in compliance with local legal requirements.
When are we allowed to process personal data?
The GDPR requires a legal basis for the processing of data, examples of this are shown below:
- Consent of the data subject.
- Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
- Processing is necessary for compliance with a legal obligation.
- Processing is necessary to protect the vital interests of a data subject or another person.
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Requests for access to personal data under the GDPR
Data subjects for whom the University holds personal data have the following rights as described in the section – What new rights do people have under GDPR. To exercise your rights contact us by email email@example.com or submit the Subject Access Request form.