This article provides information about the General Data Protection Regulation and the Data Protection Act 2018. The GDPR and Data Protection Act 2018 came into effect on 25 May 2018 and are designed to protect the rights and freedoms of individuals, in particular their right to privacy with respect to the processing of personal data. Personal data is any information that can identify a living person either by itself e.g. a person's name, or with other information e.g. an address plus a name, and includes unique identifying numbers in the definition. 'Processing' is the inclusive term given to the collection, use, storage and ultimate destruction of any personal information. The 6 principles relating to the processing of personal data are that:

  • Personal data shall be processed fairly, lawfully and in a transparent manner.
  • Personal data shall only be processed for the purposes for which it was collected and not for any other purpose(s).
  • Personal data shall be adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed.
  • Personal data shall be accurate and, where necessary, kept up to date.
  • Personal data shall not be kept in an identifiable form for longer than is necessary.
  • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

Data subjects have various rights in relation to their personal data. For more information, consult the data protection webpages.