The General Data Protection Regulation (GDPR) will be enforced from 25 May 2018 across EU Member States. The EU’s General Data Protection Regulation (GDPR) is the result of four years of work by the EU to bring data protection legislation into line with new, previously unforeseen ways that data is now used.
Currently, the UK relies on the Data Protection Act 1998, which was enacted following the 1995 EU Data Protection Directive, but this will be superseded by the new legislation. It introduces tougher fines for non-compliance and breaches, and gives people more say over what companies can do with their data. It also makes data protection rules more or less identical throughout the EU.
More information can be found on the Information Commissioners GDPR Website
Over the last year we have made significant progress with the Glow GDPR project. We have been working closely with a wide range of parties including the Information Commissioners Office, SOLAR, Digital Office for Scottish Local Government and MacRoberts legal services.
We held a series of Glow Key Contacts meetings in January, providing an update on GDPR and the progress that was being made against our key target dates.
The Glow Agreement
We reached a key milestone on the 28th of February 2018 when the new Glow Agreement (a revised GDPR compliant Memorandum of Understanding (MOU)) was approved and subsequently sent to all Glow customers for sign off.
The Glow Agreement replaces the current documentation and it is now a legally binding agreement with no additional data controller/processor agreements required to be signed.
We will continue to work on our existing policies and procedures across Glow as the overall project is progressing to plan for the GDPR Go Live date of the 25th May 2018. We will provide updates on this key project over the coming weeks.