My Department is working to ensure it is well prepared for the implementation of the EU General Data Protection Regulation (GDPR) in May. A Data Protection Officer (DPO) has been appointed and Divisions throughout the Department are currently reviewing what personal data is received and how it is managed and stored by the Department. We are also seeking to identify any gaps in the management of data and consider any improvements in order to reduce the risk of a possible data breach.
A number of staff including the DPO, have already attended training sessions on the GDPR, which have also covered the new provisions for timely responses to Special Access Requests (SARs) received in the Department. In addition, the Department has held a number of briefing sessions on the GDPR for staff in key areas (e.g. Human Resources, Finance and IT). We propose to extend training to more staff as the year progresses.