SENIOR NAVAL OFFICER TEMPORARY MEMORANDUM XX/18
GENERAL DATA PROTECTION REGULATION 2018
Sponsor: SEC

INTRODUCTION

1.  The General Data Protection Regulation 2018 (GDPR18) will apply with effect from
   25 May 18 and supersedes the current UK Data Protection Act 1998 (DPA98). It is a
   significant and wide-reaching piece of legislation which brings a 21 st Century approach to
   data protection and how it is handled.
2. GDPR18 expands on the rights of individuals to control how their personal data is
   collected and processed, placing a range of new obligations on organisations to be more
   accountable for data protection.
3. It is important to note that although GDPR18 empowers individuals, there is also an
   onus of personal responsibility. This is detailed within Annex A.

AIM
3. This document is intended to provide guidance to those responsible for the collection,
processing and storage of any form of personal data. This will be covered in the following
methods:

• Ensure that the roles of the Data Protection Officer, Controller and
  Processors are understood.
• What is classed as Personal Data.
• The qualifications required by personnel.
• Processing Data.
• Handling Information Requests.
• Exemptions to Information Requests.