With less than a month to go before the implementation of the GDPR it is crucial that existing and future public contracts comply with the new legislation. What will change in respect of public contracts and the GDPR?

The Scottish Government has published a Policy Note on the impact the GDPR will have on public procurement and contracts. This blog will highlight the key features of the note alongside steps organisations should take to get their public contracts and procurement processes GDPR ready.

What is

Under the General Data Protection Regulation (2016/679), a Data Controller is under a strict obligation to report a GDPR breach to the Information Commissioner's Office (ICO) in the event that it meets certain requirements.

Time frame for reporting

You must report a personal data breach, under Article 33, without undue delay and not later than 72 hours after becoming aware of the breach. However, what does becoming aware mean? The Article 29 Working Party Guidance considers awareness being at the point where you have

A Data Protection Officer (DPO) is the individual who is responsible for an organisation's overall compliance with the GDPR (General Data Protection Regulation).

The GDPR makes it mandatory for a DPO to be appointed for any organisation which is a public body. The definition of public body is taken from Freedom of Information legislation and the new Data Protection Bill. This means that when Freedom of Information legislation is amended to include Registered Social Landlords, you will be required to appoint a DPO. It is

Many organisations are currently preparing themselves for the General Data Protection Regulation. For many their initial focus for the forthcoming changes (May 2018) may be on their 'day to day business', but it is also important that their 'day to day business' includes their HR procedures. Consideration needs to be given to ensure their current procedures comply with the new Data Protection Regulations.

As before, organisations still have a right to obtain and hold personal data providing they adhere to the six data protection

The General Data Protection Regulation (GDPR) will come into force on 25^th May 2018 replacing the Data Protection Act 1998. Every public and private organisation in the UK, including RSLs, will have to comply with the regulations which relate to how organisations process and handle personal data.

What are some of the main changes?

• Notice of purpose of processing data

There will be an emphasis on giving notice prior to collecting personal data explaining exactly what you are doing with the data you are