Following the introduction of the General Data Protection Regulation (GDPR), introduced in the UK through the Data Protection Act 2018 earlier this year, the Regional Executive tasked its Risk and Audit Committee to establish an updated Data Protection Policy to ensure that the Region was compliant with the updated regulation and to set good practice for how the Region should handle the personal data that it holds. This policy had a number of aims including:

  • To document what personal data the Region holds
  • To document the processes in place to ensure that the Region handles the personal data it holds in a safe and secure manner
  • To document the procedures to be followed in the event that individuals make use of their expanded rights under GDPR such as their Right to Be Forgotten or their Right to Access through a Subject Access Request

At its September meeting the Regional Executive agreed to adopt the Data Protection Policy and also agreed that this should be made available through the Regional Website.

The Regional Executive would encourage all members to review the policy at In addition, for those districts and groups which don’t currently have their own policy, the Regional Executive would encourage the relevant executive committees to use this as a template to adapt for your own policy documents.

If you have any questions about the policy or GDPR you can speak to Martin Elliot, Deputy Regional Commissioner, or e-mail .