In all the hyperbole surrounding the General Data Protection Regulation (GDPR) it may have been easy to miss the UK passing its own updated data protection legislation – the Data Protection Act 2018 (the Act). This came into force at the same time as GDPR on 25th May and replaces the Data Protection Act 1998. The GDPR allowed individual EU states some flexibility to add their own detail in relation to specific areas. The Act fills in some of those gaps as well as bringing the GDPR into UK law. It is important to note that GDPR applies in the UK unless government choses to get rid of this legislation after it exits the EU. Here are some of the most important points, outlined in the Act:
Every organisation that processes personal data should be compliant with the GDPR but getting to grips with GDPR can be daunting and it can be difficult to know where to start. This 12-point plan, adapted from the Information Commissioners Officer (ICO) guidance, is here to help you take the right steps.
To help you comply with The General Data Protection Regulation (GDPR), NCVO has a range of services that we can offer direct and through partners to support you – see all of our GDPR support on this page.
Help us to improve this page – give us feedback.