Guidance on GDPR and the use of cloud-based services

This year saw the introduction of the General Data Protection Regulation (GDPR) which came into force on the 25 May. GDPR has compliance implications for anyone that uses or stores personal or sensitive information.

If you use, or are thinking of using a cloud-based service to collect, process and store personal or sensitive information at the University, then IT Security and Legal Services provide guidance on specific IT products and services that are compliant with the University's GDPR policy.

Legal Services have a list of approved services which you can find here.

IT Security provide advice about specific cloud-based applications in their IT Product Guidance document. 

If you require any further advice about any additional product or cloud based service that you may be considering, please contact IT Security at


Professional Services