The General Data Protection Regulations (GDPR) come into force across the EU, including the United Kingdom, on 25th May 2018. Updated February 2026.
The purpose of the Regulations is to impose conditions on organisations who handle an individuals data to ensure the individual knows what is happening to their information and that the data is kept secure. The transfer of personal data inside the EEA will continue to be unrestricted and the general prohibition on transfer of data outside the EEA will remain.
These regulations are incredibly complex to understand in relation to their actual practical implementation.
The Regulations, of course, affect all the data your business processes about any individuals, not just data about your staff. E.g. other data you will need to consider how you handle, is your customer data, marketing lists, websites tracking, payment processes, delivery and this will involve reviewing third-party supplier contracts.
The new principles in the Regulations will affect your HR and Recruitment processes and you will need to make changes to your employment contracts and your Staff Handbooks and provide staff (and job applicants) with a new Privacy Notice.
In addition, there is a new Act called The Data (Use and Access) Act 2025 (DUAA). This law sits alongside the existing UK-GDPR and UK Data Protection Act 2018. The Act intends to make data protection rules simpler for organisations. The changes are being staggered, with some coming into effect during 2025 and more to come into effect on 5th February 2026 and later. Therefore any existing Data Protection Policies, processes and Data Protection Privacy Notices you have will need to be updated with these changes.
If you would like my help with GDPR ‘proofing’ your staff processes and documents and data, then please let me know. It’s time consuming and complicated and you’ll need to take a deep breath!
The Information Commissioner’s Office (ICO), the UK body responsible for data privacy, has a GDPR helpline – the number is 0303 123 1113 and the helpline is open Monday to Friday, 9am to 5pm.
Further information is available at:
The ICO updated information on Special Category Data in December 2019.