Skip navigation

    General Data Protection Regulation (GDPR)

    The GDPR came into force on 25 May 2018. As part of our preparations for GDPR, we produced a series of guides, setting out how we think GDPR affects the services we provide.

    Posted Tue 5 June 2018

    We provided some general advice in July 2017, before publishing a more detailed

     in January 2018, and . This guidance considered:

    • UCAS’ and providers’ relationship under GDPR
    • UCAS’ lawful ‘basis for processing’ personal data and consent
    • additional requirements in respect of informing students about uses of personal data
    • providers' communications with applicants

    We then published further

     in March 2018, which provided an update about advice from the Information Commissioner’s Office (ICO) on providers' communications with applicants, and the types of communications that could be issued without seeking additional consent.

    Following liaison with the ICO and

    at our Admissions Conference, we also published information about the requirements for processing personal data about . This provides the background on the ICO’s position on UCAS’ asking all applicants whether they have an unspent criminal conviction, and the decision to remove this question.

    If you have any questions not answered in the guidance and briefings above, please contact datagovernance@ucas.ac.uk.

    Related news

    Your role in cyber security

    Unconditional Change at Confirmation (UCC) Decisions

    Tariff points for Scottish National Certificates

    Pearson Edexcel International A Level – October/Autumn Series

    Advanced British Standard Consultation