This essay was written for the Information System Security Management module (SCC.441) of my MSc. It achieved a grade of Merit.
The EU’s General Data Protection Regulation (GDPR) (a.k.a. Regulation (EU) 2016/679) comes into effect on May 25th of next year. Much has been written about this unprecedentedly pro-consumer data protection legislation, not least of all regarding its applicability (or perhaps not) to a post-Brexit Britain. As an institution that caters to large numbers of EU and non-EU citizens each year, the University of Lancaster is in a potentially particularly difficult position. In this report, I shall briefly outline the history behind the GDPR before detailing the areas most applicable to the University. These technical, organisational and legal implications will, to the best of my ability, be considered with an eye to Britain’s leaving of the European Union on March 29th 2019, just under a year after GDPR comes into effect.