KCL broke GPDR in locking out some students and one staff member. I'm interested what information identified them as activists in the first place - the article only links to a statement by KCL's acting principal. They did not throw their security team under the bus, but did those staff not understand the law?
https://www.theregister.co.uk/2019/07/05/kings_university_breached_gdpr_by_sharing_list_of_activist_students_with_cops/
The shop I work at is very strict on privacy and adhering to law as this is America and punitive lawsuits are a very real thing.