Changes in UK data protection legislation


The General Data Protection Regulation (GDPR), which applies across the European Union (EU), came into force on 25 May 2018.

The new law applies to the UK, despite the UK’s decision to leave the EU. The GDPR is about protecting the rights of individuals and informing them about the data that is held about them.

Healthcare professionals should be aware of the changes and the impact, as these apply to all organisations, settings and individuals processing and holding personal data.

As well as GDPR, the Data Protection Act 2018 also took effect from 25 May 2018. This legislation has now been finalised, and is designed to sit alongside the GDPR to address areas outside of the scope of GDPR and areas that are left to the discretion of the UK

RCSLT Resources

The RCSLT has developed the following resources about the GDPR:

These will be updated and reviewed to include further guidance from expert sources as it becomes available.

Please note: it is emphasised that this information is for your general guidance only and does not constitute legal advice.

The RCSLT is not in a position to offer individual advice on the application of the GDPR and you should seek advice from your employer, or take legal advice if you are self-employed

External Resources

The Information Commissioner’s Office (ICO) is the UK’s independent data protection regulator.

The ICO has developed a series of resources, including toolkits, FAQs and guidance on GDPR. The ICO website also contains information about the Data Protection Act 2018.

Lead authors

Kathryn Cann
Lesley Trivedi

Date of last review: 19 July 2018

1  of  4