UK General Data Protection Regulations (UK GDPR)
The General Data Protection Regulation (GDPR) came into force on 25 May 2018, replacing the previous Data Protection Act 1998. Following Brexit the GDPR is retained in domestic law as the UK GDPR. The UK GDPR places additional obligations on organisations and is primarily designed to give individuals better control over their personal data. It has introduced a number of new personal data rights and requirements which has meant we have had to review our processes and, in some cases, change them in order to comply.
For advice and guidance on any UK GDPR or Data Protection Matters please contact Tom Penlington (the Data Protection Officer) or Kate Butcher (the Deputy Data Protection Officer).
UK GDPR – What to Do in the Event of…
- A Subject Access Request (SAR)
- A Data Subject Rights (Request) e.g. “I want you to erase my data”
- Software Not Providing the Functionality to action a Data Subject Request
- A Data Breach
- Quick Guide to reporting a Data Breach
- Requiring Consent
UK GDPR Documents and Forms
- Data Breach Containment Template
- Data Breach Form
- Data Protection – Policy Statement
- Data Protection – Policy Statement (tracked changes)
- Data Sharing Template
- Records Retention and Disposal Schedule
- Employment Privacy Notice [417kb]
- Data Retention under Employment Privacy Notice
- Information Asset Owners (BMT) and Data Champions list – by service
- Quick Guide to UK GDPR Do’s & Don’ts (including Emails)
- UK GDPR FAQs
- Outlook Setting to Delay Sending Emails
- Privacy Notice Template – Homelessness Example (To be Tailored as Required)
- Appendix 1 – Legal Basis for Processing Personal Data
- Appendix 2 – Legal Basis for Processing Special Category Personal Data
- Appendix 3 – Legal Basis for processing Criminal Offence Data
- Appendix 4 – Data Subject Rights
- Appendix 5 – Exemptions
- Appendix 6 – International Transfers (applies principally to cloud based service providers whose servers are based outside the UK)
- MVDC DPIA Template