The Law on Data Protection changed from 25 May 2018 with the implementation of the General Data Protection Regulation (GDPR).

The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union. It aims to give you control over your personal data that the government and other organisations store about you. 

The UK left the European Union on 31 January 2020 and entered a Brexit transition period. During this period which is due to run until the end of December 2020 the GDPR will continue to apply. 

The rights that individuals have about how their personal data is handled and stored was enhanced by the GDPR:

• The right to be informed of data processing and the lawful grounds for processing your data
• The right to request information held about you – subject access requests
• The right to have inaccuracies corrected
• The right to have information erased
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling

We will comply with the Data Protection Act and the GDPR principles and ensure personal data is:

• Processed fairly and lawfully and in a transparent manner
• Obtained for one or more specified, explicit and lawful purposes
• Used in the most efficient and effective way to deliver better service
• Adequate, relevant and limited only to what is required
• Accurate and where necessary kept up to date
• Not kept in a form which permits identification of data subjects for longer than is necessary
• Processed in accordance with the rights of data subjects
• Processed in a manner that ensures appropriate security of the personal data
• Kept secure to safeguard information (including unauthorised or unlawful processing or accidental loss)