
Public Contracts and the GDPR


With less than a month to go before the implementation of the GDPR, it is crucial that existing and future public contracts comply with the new legislation. What will change in respect of public contracts and the GDPR?

The Scottish Government has published a Policy Note on the impact the GDPR will have on public procurement and contracts. This blog will highlight the key features of the note alongside steps organisations should take to get their public contracts and procurement processes GDPR ready.

What is

To Report or not Report a GDPR Breach?


Under the General Data Protection Regulation (2016/679), a Data Controller is under a strict obligation to report a GDPR breach to the Information Commissioner's Office (ICO) in the event that it meets certain requirements.

Time frame for reporting

You must report a personal data breach, under Article 33, without undue delay and not later than 72 hours after becoming aware of the breach. However, what does becoming aware mean? The Article 29 Working Party Guidance considers awareness being at the point where you have

The Role of the Data Protection Officer in RSLs


A Data Protection Officer (DPO) is the individual who is responsible for an organisation's overall compliance with the GDPR (General Data Protection Regulation).

The GDPR makes it mandatory for a DPO to be appointed for any organisation which is a public body. The definition of public body is taken from Freedom of Information legislation and the new Data Protection Bill. This means that when Freedom of Information legislation is amended to include Registered Social Landlords, you will be required to appoint a DPO. It is

General Data Protection Regulation (GDPR) for HR


Many organisations are currently preparing themselves for the General Data Protection Regulation. For many, the initial focus ahead of the forthcoming changes (May 2018) may be on their 'day to day business', but it is also important that their 'day to day business' includes their HR procedures. Consideration needs to be given to ensuring that their current procedures comply with the new Data Protection Regulations.

As before, organisations still have a right to obtain and hold personal data providing they adhere to the six data protection

Are you ready for the GDPR?


The General Data Protection Regulation (GDPR) will come into force on 25th May 2018, replacing the Data Protection Act 1998. Every public and private organisation in the UK, including RSLs, will have to comply with the regulations, which relate to how organisations process and handle personal data.

What are some of the main changes?

  • Notice of purpose of processing data

There will be an emphasis on giving notice prior to collecting personal data explaining exactly what you are doing with the data you are

Data Protection Regulations - change on the way?


The European Commission published draft proposals in January 2012 which aim to update data protection regulations and unify data protection within the EU.

Summary of Proposals

  • Stricter requirements on organisations to adopt policies and procedures that clearly demonstrate how processing of personal data is carried out. Organisations will only be able to collect the minimum amount of data required for the task in hand, and can't retain data for longer than is necessary.
  • Public authorities or commercial organisations which employ more than 250 people will