The EU General Data Protection Regulation (GDPR) comes into effect on the 25th May 2018. This is the one of most significant developments in European data protection law in over 30 years. The GDPR strengthens the rights of data subjects and will have many implications for my Department.
Accordingly, the Department has established a dedicated unit to prepare for the implementation of the GDPR and the work of this unit is overseen by a high level Data Management Programme Board.
The GDPR unit has a number of work streams to work through to ensure a smooth transition once the GDPR comes into effect. While my Department already has strict data protection guidelines, policies and procedures, all are being reviewed and updated to ensure that the processing of all personal data is GDPR compliant before 25 May. All data sharing arrangements are also being reviewed to ensure compliance with the Regulation.
The GDPR unit is finalising a training and awareness programme through which over 6,500 staff will be advised of the key impacts of the GDPR. The awareness programme has already commenced with an initial article on GDPR last October for the Data Protection Awareness Week which issued to all staff.
More recently, a series of GDPR briefing sessions has been given to more than 600 staff and a series of business level meetings took place with some of the major processors of personal data. These will continue over the coming weeks and months. In addition, my Department is committed to delivering GDPR training to all staff in advance of the 25 May implementation date.