Data Protection

Since the UK has left the EU, GDPR will now be referred to as UK GDPR or Data Protection.

The rules governing the processing of personal information of an individual based in the UK will not change under UK GDPR.

Discussions are ongoing regarding the rules on individual information exchanged between the UK and the EU.

For the most up-to-date information please refer to the Information Commissioner’s Office (ICO) and Using Personal Data in Your Business or other Organisation.

For further information on current GDPR requirements please refer to the Scottish Procurement Policy Note (SPPN) 2/2018 .  The SPPN includes some background information and some information about how this impacts on public procurement.

Quickfire Guide

Quickfire Guide

Scottish Procurement Policy Note Key Messages

  • Organisations have to consider the impact on their procurement processes and new and existing contracts, to ensure these are compliant with the Data Protection legislation.
  • This SPPN provides general information only about the change and highlights specific guidance about contracts issued by the Information Commissioner’s Office (ICO).

The SPPN also includes some additional information for organisations including, for example, specific actions required by organisations and The Law Enforcement Directive (LED).