Guidance

Meet the requirements of data privacy regulations

A service must be in compliance with all applicable data privacy regulations including the General Data Protection Regulation and the Data Protection Act 2018

To meet this commitment as part of Digital and Data function’s strategic commitments, your plans must show how you will comply with data protection regulations.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) came into force on 25 May 2018 through the . It’s about protecting citizens’ personal data when it is being processed or moved.

GDPR adopts privacy by design. There is a legal requirement in the GDPR for the protection of citizens’ data to be included from the start of the design process. You must comply with this new regulation and consider the ethical and appropriate use of data and technology. GDPR includes upfront penalties for not complying.

The Information Commissioner’s Office (ICO) has a and we suggest using impact assessments in the section on as part of your project or programme’s risk management process.

The questions from the are useful to consider.

If you’re going through the spend control process, you must explain how you’re meeting this commitment if your spend request has been rated high on the Risk and Importance Framework or has an assurance rating of control.

Answering ‘no’ will not lead to an automatic rejection and you will need to explain why your spend cannot align to the commitment.

Updates to this page

Published 23 February 2024
