What is GDPR?
GDPR (the General Data Protection Regulation) is an EU data protection regulation which became directly applicable across the EU on 25 May 2018.
The GDPR was transposed into UK law as the Data Protection Act 2018. Following Brexit, the UK has created a specific UK version of the GDPR (UK GDPR) which at present matches the original EU version.
What information does the UK GDPR apply to?
The UK GDPR protects personal data, which is any information from which a living individual can be identified, either on its own or with other data. Sensitive personal data, referred to as special categories of personal data, has additional protection under the UK GDPR.
What are the principles of the UK GDPR?
- Data must be processed lawfully, fairly and in a transparent manner (‘lawfulness, fairness and transparency’)
- Data must be collected for specified, explicit and legitimate purposes (‘purpose limitation’)
- Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is collected (‘data minimisation’)
- Data must be accurate and kept up to date (‘accuracy’)
- Data must be kept for no longer than is necessary (‘storage limitation’)
- Data must be processed in a manner that ensures appropriate security (‘integrity and confidentiality’)
- The data controller shall be responsible for, and be able to demonstrate compliance with, the above principles (‘accountability’)
What is NOW: Pensions doing to ensure compliance with the UK GDPR?
If you are a member, former member or beneficiary of the NOW: Pensions Scheme, further information on how we comply with the GDPR and the UK GDPR can be found in the Member Privacy Notice.
Where can I find further information?
For further information on the UK GDPR please refer to the Information Commissioner’s Office at ico.org.uk.