New data protection legislation is due to come into force on 25 May 2018. The EU General Data Protection Regulation (GDPR) aims to protect the privacy of all EU and UK citizens and prevent personal data breaches. The implementation date is fast approaching and NI Water is making steady progress towards compliance through the delivery of its GDPR Implementation Plan.

Protection of the personal data of its customers, staff, and its contractors’ staff is as high a priority for NI Water as it has ever been. NI Water is in the process of making the necessary arrangements to ensure it is ready for the introduction of the new legislation.

The GDPR specifies that any processing of personal data by a data processor should be governed by a contract with certain provisions included. NI Water has identified a number of existing contracts involving the processing of personal data that will still be live after 25 May 2018. Compliance with the new legislation will require supplementing contract terms and ensuring specifications and service delivery schedules reflect the roles and responsibilities between the data controller (NI Water) and its data processors.

In addition, the Central Procurement Department (CPD) will be updating its procurement documentation to reflect the new Regulation for contracts to be awarded on or after 25 May 2018.

You will undoubtedly also be preparing for GDPR and I would like to take this opportunity to wish you well with your progress and to let you know that Contract Managers for the relevant contracts impacted by GDPR will contact you separately in this regard.

For further information or advice on GDPR, you can contact the Information Commissioner’s Office (ICO) or refer to its useful Guide to the GDPR and its “12 Steps to take now” guide.