New data protection regulation for UK and EU based IFPA members and schools

On 25th May 2018 the General Data Protection Regulation (GDPR) will replace current EU legislation on how personal data is protected. In the UK, it also replaces the Data Protection Act 1998. The aim is to make data collection rules consistent across the EU.

This means that if you process data on individuals in the context of selling goods or services to citizens in EU countries you will need to comply with the GDPR.

For our UK members, regardless of what happens with Brexit, it’s important to note that the GDPR will still apply for non-EU companies who processes personal data of those living in the EU.

In addition, it is the intention of the UK Government to strengthen UK data protection law by introducing a new Data Protection Bill which will bring the GDPR into UK law, maintaining consistent treatment of data post Brexit.

One of the biggest considerations of the new regulations is making sure ‘sensitive data’ is handled correctly, individuals must actively give consent for their data to be collected and understand what information is being collected, and specifically what it is being used for.

The IFPA is currently considering what these changes may mean for the organisation and its members, and will offer some basic guidance to members in due course.

New Framework for UK and EU

More information is currently available on the following sites:

The Information Commissioner’s Office (ICO) –

Balens –

The UK Government –

EU DGPR Portal –

Current International Framework

Any member or IFPA Accredited School currently processing data on individuals should ensure that they are operating within regulations which apply for Data Protection in the Country in which they operate.