General Data Protection Regulation (GDPR)

7 Feb 2018

Following recent meetings with Environmental Bodies (EBs) ENTRUST has become aware that many are unaware of, or seeking information about, the upcoming changes to Data Protection law, under the General Data Protection Regulation (GDPR). As a best practice regulator, ENTRUST believes in providing support, information and guidance to help EBs to fulfil their statutory duties. We have therefore released a briefing document to support the sector to find the information they need to become compliant with the new regulation.

The European Union (EU) GDPR was approved by the EU Parliament on 14 April 2016 and will apply from 25 May 2018. GDPR replaces the United Kingdom (UK) Data Protection Directive 95/46/EC and was created to bring all data privacy laws across Europe into harmony. It is important to note that many of the core requirements and principles of the Data Protection Act (DPA) will be subsumed into GDPR. In the UK the Information Commissioner's Office (ICO) is an independent authority which upholds the UK legislation relating to Data Protection and other public information rights.

GDPR is relevant to every organisation, no matter how large or small, who collect 'personal data' about EU citizens. Personal data can include basic identity information e.g. name, address, email addresses, in addition to all other personal data collected.

If you haven't started to prepare for GDPR the ICO have released detailed guidance to help businesses become compliant with GDPR before the deadline of 25 May 2018. Details of this guidance can be found in the document attached on the right hand side of this page.