General Data Protection Regulation (GDPR)

The Data Protection Act 1998 is being updated on 25 May 2018 to the General Data Protection Regulation legislation, which is a Europe wide piece of legislation that the UK has chosen to adopt in full.

Changes include: 

  • The data subject needs to have a better understanding of how an organisation will be using their data
  • Explicit consent for data use must be provided
  • Parental consent will be needed for processing any data related to a child or young person
  • The rights of the data subject are strengthening, including the ‘right to be forgotten’.  This requires the company to delete all traces of the data subject from all systems
  • The role of the Information Commissioners Office (ICO) will increase significantly in terms of possible sanctions of non-compliance from organisations

NCVO has a set of resources designed around GDPR, which you can access on their website.