Since the UK has left the EU, GDPR will now be referred to as UK GDPR or Data Protection.
The rules governing the processing of personal information of an individual based in the UK will not change under UK GDPR.
Discussions are ongoing regarding the rules on individual information exchanged between the UK and the EU.
For the most up-to-date information please refer to the Information Commissioner’s Office (ICO) and Using Personal Data After the Transition Period.
For further information on current GDPR requirements please refer to the Scottish Procurement Policy Note (SPPN)  SPPN 2/2018 . The SPPN includes some background information and some information about how this impacts on public procurement.
Quickfire Guide
Scottish Procurement Policy Note Key Messages
The key messages of the SPPN are:
- Organisations have to consider the impact on their procurement processes and new and existing contracts to ensure these are compliant with the Data Protection legislation
- This SPPN provides general information only about the change and highlights specific guidance about contracts issued by the Information Commissioner’s Office (ICO).
The SPPN also includes some additional information for organisations including, for example, specific actions required by organisations and The Law Enforcement Directive (LED).