The National Association of Local Councils (NALC) is pleased to publish, free for its members, a comprehensive toolkit to support local councils prepare for the General Data Protection Regulation (GDPR), which will take effect in the UK from 25 May 2018.
This toolkit provides a number of practical tools to assist local councils with GDPR compliance, in the form of an action plan checklist and a data audit questionnaire, in addition to templates for privacy notices and consent forms.
The GDPR replaces the existing law on data protection (the Data Protection Act 1998) and gives individuals more rights and protection regarding how their personal data is used by councils. Local councils and parish meetings must comply with its requirements, just like any other organisation. The GDPR applies to all local councils and also to a parish meeting without a separate parish council because a local council and a parish meeting are public authorities.
The GDPR’s main concepts and principles are very similar to those contained in the current Data Protection Act 1998 and local councils will already be familiar with them.
The toolkit provides practical support to address the additional requirements and builds on a comprehensive suite of legal briefings, also available free for NALC members.
The toolkit and legal briefings, together with training available from county associations, will help local councils put in place the key building blocks set out in Elizabeth Denham, information commissioner at Information Commissioner’s Office, recent blog GDPR is not Y2K.