Membership information +44 113 241 0727
Medicolegal advice +44 113 210 4398

Getting ready for GDPR

16 April 2018

What is General Data Protection Regulation?

The General Data Protection Regulation (GDPR) is a new European Union (EU) law relating to the protection of personal data in the EU.

The GDPR will affect how organisations process personal data, which for us includes information about members, colleagues and third parties.

When will the GDPR come into force?

The current Data Protection Act 1998 will be superseded by the GDPR, along with the forthcoming Data Protection Act 2018 (currently in draft Bill form and subject to further Parliamentary debate), on 25 May 2018. 

Who does GDPR apply to?

The GDPR applies to all individuals and organisations who process personal data in the EU, and has been written to reflect the increasingly digital climate in which organisations now operate. 

What does the GDPR mean for my membership?

The GDPR, together with the forthcoming Data Protection Act 2018 (DPA 2018), aim to enhance the UK’s current data protection rules by introducing certain additional data protection obligations on organisations, increasing rights for individuals and allowing them more control over their own personal data. 

MPS is committed to fulfilling its legal obligations in respect of the personal data we process, including those imposed by the GDPR and the DPA 2018. We will be providing greater detail on how we process personal data and the rights that individuals have in respect of it, as part of our readiness preparation.

Our GDPR plan

We remain committed to fulfilling our legal obligations in respect of the personal data we process, including those obligations imposed by the GDPR and the DPA 2018. 

We have been, and remain, very active in our readiness preparations. Amongst other things, we are taking steps to:


  • educate the organisation about GDPR, the DPA 2018 and their requirements
  • update our documented data protection procedures where appropriate, including those in relation to data subject access requests
  • appoint a data protection officer
  • review our data protection governance  and reporting structures. 

Like many companies, we've been following and reacting to guidance issued by the Information Commissioner’s Office (ICO) and EU’s Article 29 Working Party. We continue to review this guidance as it becomes available and will adjust our readiness preparations if appropriate.

Where can I find out more?

More information about the GDPR is available from the ICO.