The General Data Protection Regulation (GDPR) very significantly increases the obligations and responsibilities for organisations and businesses in how they collect, use and protect personal data. At the centre of the new law is the requirement for organisations and businesses to be fully transparent about how they are using and safeguarding personal data, and to be able to demonstrate accountability for their data processing activities.
My Department is very aware of the challenges that GDPR compliance will present and is actively preparing for it. A dedicated resource was put in place in late 2017 to help drive GDPR readiness across the Department and additional resources will be put in place over the coming weeks in this regard.
GDPR readiness and associated challenges is recognised as a Corporate Risk on the Department's Risk Register and was discussed at Management Board and at senior management level across the Department in recent weeks. A communications strategy for staff is under development and will be rolled out shortly. My Department has also commenced a comprehensive review of the processing activities we undertake and the way we engage with citizens, and the additional responsibilities in respect of personal data that we will have under the new regulation.
In terms of overall public service approaches to GDPR, my Department attends at an Inter-Departmental Group on Data Issues and also works closely with colleagues in other Government Departments to discuss issues of common concern and share learning and experiences.