General Data Protection Regulation (GDPR)

New rules relating to how we collect and process personal data - the EU General Data Protection Regulation (GDPR) - came into effect in the UK on 25 May 2018.


What is GDPR?

The GDPR is Europe's new framework for data protection laws. It replaces the previous 1995 data protection directive.

The new regulation started on 25 May 2018. It will be enforced by theInformation Commissioner's Office (ICO).

The Government has confirmed that the UK's decision to leave the European Union will not alter this.

What do I have to do now?

Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA). If you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR and can be the starting point to build from. However, there are new elements and significant enhancements, so you will have to do some things for the first time and some things differently.

Getting ready for the GDPR checklist - on the ICO website

LG Inform Plus: Record of Processing Activities (RoPA) tool

GDPR requires organisations to maintain a RoPA, covering the ‘legal basis’ for holding personal data, how it is processed and with who it is shared. Using LG Inform Plus’ existing records retention tool, we have created a customisable RoPA template which you can complete with local information to form your council’s full RoPA.

What happens if I don't?

One of the biggest, and most talked about, elements of the GDPR is the power for regulators to fine businesses that don't comply with it. These monetary penalties will be decided upon by the ICO. However, the GDPR law is not about fines. It’s about putting the consumer and citizen first.

GDPR - sorting the fact from the fiction by Elizabeth Denham, Information Commissioner.

Where can I find out more?

GDPR on the Knowledge Hub

This online group is for information managers in local government to share learning, opinion and preparations. The group is overseen by the LGA, i-Network, ICO and wider data protection networks in the health and local government sectors.

Guide to the GDPR on the ICO website

This guide explains the provisions of the GDPR to help organisations comply with its requirements. It's for those who have day-to-day responsibility for data protection.

GDPR blog on the ICO website

Elizabeth Denham, Information Commissioner, has launched a series of blogs to bust some of the myths that have developed around the GDPR.