GDPR and Local Institutes

The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

Like the Data Protection Act it replaces, the GDPR will be overseen in the UK by the Information Commissioner’s Office.

The CII have established a working group to consider and implement the CII’s GDPR compliance strategy; one of the working groups key priorities is that compliance should not be simply viewed as an IT task but is an operational matter, taking in all aspects of the organisation, including the local institute network.

At the December representative council meeting Claire Walsh from Canning Connolly gave a presentation on the legal aspects of data protection and the knock-on effect it may have on local institutes.

The CII’s policy and public affairs department have created a briefing paper giving an overview of GDPR.

Both the presentation and briefing paper can be downloaded below.

The regional membership team are currently collating a list of FAQs which will be distributed within a future Network News.