Data Protection and GDPR

An Introduction to GDPR 


The law relating to data protection is going to change on 25 May 2018.

What is the change to the law?

At the moment, the Data Protection Act 1998 (“DPA 1998”) applies to the way in which schools and trusts handle personal data.  Most schools and trusts will be familiar with the general requirements of the DPA 1998, for example, the circumstances when they can disclose personal data and what to do if a person submits a subject access request.

From May 2018, the DPA 1998 will be replaced by the General Data Protection Regulation which is often referred to as the “GDPR”.  Although many of the principles will remain the same as the DPA 1998, there will be some important changes which will affect the way you process data.

Why is the law being changed?

Since the DPA 1998 became law, there have been a lot of changes to information technology and the way in which individuals and organisations share information.  In addition, different member states of the European Union took different approaches to implementing the law relating to data protection which has made it difficult for many businesses to ensure that they are compliant with these different requirements.  The GDPR is intended to harmonise the law and make it easier to comply with across Europe.