The General Data Protection Regulation (GDPR) is a new, Europe-wide law that replaces the Data Protection Act 1998 in the UK. It is part of the wider package of reform to data protection that includes the soon to be enacted Data Protection Bill. The GDPR sets out requirements for how Town and Community Councils will need to handle personal data from 25th May 2018. Guidance is available from the Information Commission Office (ICO)

The Legislation applies to ‘personal data’, which means any information relating to “an identifiable person who can be directly or indirectly identified by reference to an identifier”