Data protection top image

The General Data Protection Regulation (GDPR) came in to force on Friday 25 May 2018.

The Data Protection regulations apply to you and your work

If you access, use, or store personal information about living people - (GDPR calls this ‘processing personal information') - you will need to understand the GDPR and how to comply with it. 

If any staff you line manage (or students you teach) process this kind of data, you will all need to understand the GDPR. The regulations will also apply to mailing lists that you use to send information about College activities to individuals.

What do you mean by personal data?

  • Information about or relating to a living person
  • Identifiable (on its own or in combination with other information)
  • Please see FoM GDPR definitions (SharePoint) for more information.


Examples of data categories

Examples of data categories

Research data

  • Clinical observation cohorts
  • Population cohorts for epidemiology studies
  • Tissue donors
  • Clinical trial datasets
  • Consent to participate in research (either electronic or hard copy)
  • Participants’ personal details used for reimbursement
  • Questionnaires, surveys and tests

Admin or HR data

  • CVs of job applicants (could be held on laptops, PCs, emails, shared drives, paper copies, etc.)
  • Information about staff performance, reviews, disciplinary hearings
  • Finance FTE reports
  • Expense forms

Student data

  • Names and contact details used for course marketing purposes
  • Students' data that could be used to help with their welfare, occupational health (eg. GP letters)
  • Students' data used for examination assessment
  • Supervisory reviews of students' activities
  • Student CVs

Patient data (non-research)

  • Emails, patient notes, records regarding Trust clinical activities
  • Data stored about Trust patients on your Imperial machine (PC, iPad, laptop, Mac)
  • Remember that processing of data for patient management purposes is not permitted on the College network and equipment

Line break

Key questions around GDPR

What is the Faculty of Medicine doing about GDPR?


A FoM GDPR working group, chaired by Professor Richard Reynolds, was established to create an implementation action plan for the Faculty. The group worked closely with College legal services and ICT to align the College policies and the Faculty’s practical guidance.

As a result, the Faculty has a dedicated FoM Information Governance SharePoint site that provides practical guidance for the Faculty specific activities.

The Faculty Established the Information Governance & Strategy Committee to take forward IG enhancement programme. The SharePoint site will be continuously updated as a result of their work.

What can I do now?


Who can help me if I have questions?


The Faculty Information Governance SharePoint site is designed to help you navigate through data protection legislation.

FAQ - frequently asked questions regarding personal data processing. 

The Faculty Information Governance and Strategy Committee has published guidance for risk management in sharing and publishing genomic data (college logon required)

For any GDPR related questions not already covered, please use this form or email fom.gdpr@imperial.ac.uk