What are the General Data Protection Regulations?
The General Data Protection Regulations (GDPR) came into force in May 2018. They set out rights of individuals (such as employees and students) and the obligations of employers and organisations (such as schools and local authorities) in relation to personal information.
The GDPR set out six principles that data controllers (such as schools, colleges, universities and local authorities) should follow when using personal information (e.g., collecting, storing, retrieving, disclosing or destroying this information).
The GDPR also provides for individuals' right of access to personal data held about them.
The Information Commissioner's Office (ICO) produces helpful guidance on data protection issues, including a code of practice for the workplace.