General Data Protection Regulation (GDPR)

New rules relating to how we collect and process personal data - the EU General Data Protection Regulation (GDPR) - will come into effect in the UK from 25 May 2018.


What is GDPR?

The GDPR is Europe's new framework for data protection laws. It replaces the previous 1995 data protection directive, which current UK law is based upon.

The new regulation starts on May 25, 2018. It will be enforced by the Information Commissioner's Office (ICO).

The Government has confirmed that the UK's decision to leave the European Union will not alter this.

What do I have to do now?

Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA). If you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR and can be the starting point to build from. However, there are new elements and significant enhancements, so you will have to do some things for the first time and some things differently.

Twelve steps to take now - on the ICO website

Getting ready for the GDPR checklist - on the ICO website

What happens if I don't?

One of the biggest, and most talked about, elements of the GDPR is the power for regulators to fine businesses that don't comply with it. These monetary penalties will be decided upon by the ICO. However, the GDPR law is not about fines. It’s about putting the consumer and citizen first.

GDPR - sorting the fact from the fiction by Elizabeth Denham, Information Commissioner, on the ICO website.

Where can I find out more?

GDPR on the Knowledge Hub
This online group is for information managers in local government to share learning, opinion and preparations. The group is overseen by the LGA, i-Network, ICO and wider data protection networks in the health and local government sectors.

Guide to the GDPR on the ICO website
This guide explains the provisions of the GDPR to help organisations comply with its requirements. It's for those who have day-to-day responsibility for data protection.

GDPR blog on the ICO website
Elizabeth Denham, Information Commissioner, has launched a series of blogs to bust some of the myths that have developed around the GDPR.

E-learning modules for councillors
The LGA is developing an e learning module for councillors on how the changes as a result of the GDPR will affect them. This will be available in early 2018. 

GDPR events

The LGA is holding free events about GDPR:

Data protection reform in local government and the new General Data Protection Regulation
Manchester, North West, 18 January 2018

Data protection reform in local government and the new General Data Protection Regulation
London, 29 January 2018

Data protection reform in local government and the new General Data Protection Regulation
Birmingham, East of England, 6 February 2018