Procurement Journey
HomeAdditional Resources Data Protection
Printer-friendly version

Data Protection

Since the UK has left the EU, GDPR will now be referred to as UK GDPR or Data Protection.

The rules governing the processing of personal information of an individual based in the UK will not change under UK GDPR.

Discussions are ongoing regarding the rules on individual information exchanged between the UK and the EU.

For the most up-to-date information please refer to the Information Commissioner’s Office (ICO) and Using Personal Data After the Transition Period.

For further information on current GDPR requirements please refer to the Scottish Procurement Policy Note (SPPN)  SPPN 2/2018 .  The SPPN includes some background information and some information about how this impacts on public procurement.

Quickfire Guide

Quickfire Guide

Scottish Procurement Policy Note Key Messages

The key messages of the SPPN are:

  • Organisations have to consider the impact on their procurement processes and new and existing contracts to ensure these are compliant with the Data Protection legislation
  • This SPPN provides general information only about the change and highlights specific guidance about contracts issued by the Information Commissioner’s Office (ICO).

The SPPN also includes some additional information for organisations including, for example, specific actions required by organisations and The Law Enforcement Directive (LED).

Back to top

Procurement Journey uses cookies to enhance your experience on our website. If you continue without changing your settings, we’ll assume that you are happy to receive all cookies. View our Privacy & policy disclaimer.