Complying With Data Protection

The Data Protection Act 2018 (DPA2018) modernises data protection laws in the UK to make them fit-for-purpose for our increasingly digital economy and society.

The DPA2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

Everyone responsible for using personal data has to follow strict rules called ‘data protection principles.’ They must make sure the information is:

  • Used fairly, lawfully and transparently
  • Used for specified, explicit purposes
  • Used in a way that is adequate, relevant and limited to only what is necessary
  • Accurate and, where necessary, kept up to date
  • Kept for no longer than is necessary
  • Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

There is stronger legal protection for more sensitive information, such as:

  • Race
  • Ethnic background
  • Political opinions
  • Religious beliefs
  • Trade union membership
  • Genetics
  • Biometrics (where used for identification)
  • Health
  • Sex life or orientation

LOCSU has written guidance and templates on GDPR for LOCs to help them understand the changes and actions that they need to take.

General Data Protection Regulation (GDPR) guidance Part 1 (Mar 2018)

General Data Protection Regulation (GDPR) guidance Part 2 (Apr 2018)

GDPR Data Audit template (Apr 2018)

Practices should refer to the guidance from the Optical Confederation issued in July 2018.

Registration with the Information Commissioner’s Office (ICO)

The Information Commissioner’s Office (ICO) is the independent supervisory authority set up to promote and oversee compliance with data protection legislation in the UK. Under the 2018 Regulations, organisations that determine the purpose for which personal data is processed (data controllers) must pay the ICO a data protection fee unless they are exempt.

LOCSU’s guidance is that LOCs should register as Data Controllers with the ICO. This is because they are not not-for-profit organisations and, as such, are not exempt. In addition, personal data is shared between two data controllers, for instance, with the GOC when running CET courses.

ICO Registration Guidance for LOCs (Aug 2018)
