The General Data Protection Regulation (GDPR) replaces the Data Protection Act of 1998. It is a Regulation which affects all authorities which collect personal data. We collect and use personal data for a number of reasons. The Council is expected to have all of its members and staff trained to understand the implications of the Regulation. It is ultimately the responsibility of the Council, as the Data Controller,to ensure that things are done correctly.
The GDPR places greater emphasis on the documentation that data controllers must keep to demonstrate their accountability. Compliance with all the areas listed in this document will require organisations to review their approach to governance and how they manage data protection as a corporate issue.
