Introduction of General Data Protection Regulation (GDPR)

On 25th May 2018, the General Data Protection Regulation (GDPR) will come into force across EU Member States and the UK, replacing the Data Protection Act 1998 (DPA). Established key principles of data protection remain relevant under GDPR, however there are several areas of change which will impact upon the way personal data needs to be handled from the date of implementation.

STAR Procurement, along with its Council partners, are presently undertaking a review of how GDPR will affect commercial arrangements with suppliers. This review may have implications for current as well as future service contracts under which personal data is handled and processed, to ensure compliance with the new Regulations is maintained.

Under the GDPR, the legal penalty regime has been extended to include data processors (suppliers), who now face direct legal obligations; whereas under the current regime this falls solely on data controllers (the STAR Councils, in this instance). From 25th May 2018, this change means that data processors can be directly fined by the Information Commissioner’s Office (ICO) where they have not complied with their obligations under GDPR.

Following a review currently underway, where relevant and necessary, STAR Procurement will be issuing contract variations in order to bring agreements into line with the new regulations. Suppliers directly affected by this will be contacted directly by STAR Procurement with further information. In the meantime, STAR Procurement wishes to share some relevant information with its wider supplier base, in order to help suppliers who wish to pursue opportunities to work with our Councils.

 Further reading and guidance on GDPR can be found via the following links:

Should you have any specific queries relating to your existing Contracts with the STAR Councils (Stockport, Trafford and Rochdale), please contact us at and we will assist you further.

Posted on Thursday 8th February 2018