General Data Protection Regulation

In May 2018 the General Data Protection Regulation (GDPR) will replace the current UK Data Protection Act 1998.

Although they share much common ground, GDPR will differ from the Data Protection Act in key ways and the University must prepare for the changes to come.

To find out more, click on the links on this page or contact dataprotection@uea.ac.uk, or +44 (0)1603 59 2431.

GDPR news

October 2017: The Article 29 Working Party have published new guidelines on 'personal data breach notification' and 'automated individual decision making and profiling'. 

October 2017: Jisc have compiled resources and advice to help universities prepare for GDPR.

October 2017: The ICO's blog confirms that the annual fee many organisations have to pay the ICO when registering as a data controller is going to continue after all. GDPR does not include this obligation, but a provision within the Digital Economy Act means it will remain a legal requirement in the UK. 

September 2017: The Data Protection Bill has been published. At 202 pages it's not going to be a quick read, but it will explain how the Government intends GDPR to be implemented in the UK. More detail to come, once we've had time to digest it all...

August 2017: Universities may be able to reject requests to access or rectify personal data, or objections to the processing of such data (including the prevention of further processing of that data), where the data is processed for the purpose of scientific or historical research, under derogations to GDPR which are due to be introduced in the planned UK Data Protection Bill. The derogations are designed to prevent research projects being hampered by data protection barriers. 

August 2017: The Information Commissioner has launched a series of 'myth busting' blogs to help us sort the GDPR facts from fiction. The series includes a post on why consent is not the 'silver bullet' for GDPR compliance.

August 2017: For a quick and easy to digest summary of the Data Protection Bill and its connection with GDPR, see Act Now's blog post. 

August 2017: The Department for Digital, Culture, Media & Sport has published the outcome of its consultation on GDPR (see April, below), including their statement of intent paper, 'A New Data Protection Bill: Our Planned Reforms'. The BBC and Guardian have commented on the news.

July 2017: The BBC reports on the impact that the implementation of GDPR will have on businesses in the UK, in terms of both the large fines that they could incur if they fail to comply and the benefits that come from being able to demonstrate respect for individuals' privacy.

June 2017: Data Protection Reform was mentioned by Queen Elizabeth II in her speech at the opening of Parliament. The UK would retain its "world-class" data protection regime, the Queen said. The government reiterated its plans to implement GDPR, and will publish a Data Protection Bill (pdf) which aims to give citizens more control over their data.

May 2017: There is now one year until GDPR is implemented. To mark the occasion, the ICO has issued a range of guidance on how businesses can prepare for what the Information Commissioner, Elizabeth Denham, describes as "the biggest change to data protection law for a generation." 

April 2017: One of the more eye-catching aspects of GDPR is the potential for organisations to be issued with very large fines - up to 20m Euro or 4% of turnover. The Register reports on NCC Group's research on how recent ICO monetary penalties might have looked under GDPR. 

April 2017: The Article 29 Working Party have issued more GDPR guidance, this time on Data Protection Impact Assessments. See UEA guidance to find out how and when you'll need to complete a DPIA.

April 2017: Want to have your say on the changes the Government can make to GDPR? DCMS has issued a call for views on the GDPR derogations. The consultation closes on 10 May 2017.

March 2017: GDPR includes specific requirements on obtaining and recording consent for handling personal data. The ICO has published draft consent guidance to help organisations understand the Regulations.

February 2017: Out-Law reports on comments made by Matt Hancock, Minister of State for Digital & Culture. Outlining plans to repeal parts of the DPA in preparation for GDPR, Hancock said that the Regulations are seen by the Government as 'a good piece of legislation' and that he does not 'foresee any great changes' being made to the law once the UK has left the EU.

January 2017: The ICO has published an update setting out when GDPR guidance will be provided. More details in their blog.

December 2016: The Article 29 Working Party are starting to produce guidance on aspects of GDPR. First up, they've issued papers on the role of the Data Protection Officer and Data Portability.

October 2016: The government has now confirmed that the UK will be implementing the General Data Protection Regulation (GDPR). The ICO's blog comments on the implications and what they will do to support UK data controllers. 

September 2016: GDPR changes what we need to tell people when we collect their personal data. Act Now examine the different 'privacy notice' requirements we'll need to consider.   

July 2016: The ICO have published an overview of the GDPR, highlighting key themes and describing some of the new and different requirements. 

June 2016: The ICO have released a statement on the outcome of the EU referendum. The 2040 Information Law Blog comments on what might happen next, and what organisations need to do.

June 2016: PWC blog on what the outcome of the EU Referendum will mean for GDPR implementation.

May 2016: GDPR published in the Official Journal. The Regulations are now in force and will apply from 25 May 2018.

April 2016: The GDPR (and Directive, for the police and criminal justice sector) adopted by the European Parliament.

March 2016: The Information Commissioner gives us 12 steps to prepare for GDPR.

Find out more

The Information Compliance team will be running regular lunchtime briefings to help UEA staff get ready for GDPR.

No booking is required, and after each session the team will be on hand to answer your data protection questions.

Time: 12-1pm (briefing will take around 30 mins from 12pm)

Location: Library Conference Room

Dates:

October 26
November 23
January 25
February 22
March 22
April 26
May 24

UEA Presentation

View a short presentation on GDPR (updated August 2017)

UEA Briefing

View the first GDPR briefing paper presented to UEA's Information Strategy and Services Committee in June 2016. More recent papers are published on the Committee Office webpages.