Start of main content

Data protection legislation

The EU GDPR became law across Europe in May 2018, replacing a patchwork of data protection laws across the various European Union member states, and essentially making privacy the new normal.

The UK government approved the updated Data Protection Act 2018 (DPA 2018). The DPA 2018 was a complete rework of the original ‘Data Protection Act’ of 1998 and incorporated into it, where all of the clauses from the EU GDPR, becoming the basis upon which data protection would be judged within the UK.

As a result of Brexit and with effect from 01st January 2021, the UK stopped being part of the EU and hence the EU GDPR cease to protect the rights of freedoms of UK citizens regarding their personal data.

The UK government then revised the EU GDPR to refine it to the requirements of the UK and became the UK GDPR.

We have a strong culture of taking privacy and data protection matters seriously and balancing the needs of our members with the requirements of legislation in an ever-changing world.

The UK GDPR requirements essentially include putting individuals back in charge of what happens to their personal data and keeping extensive records about what data we collect - such as knowing where that data is held, what legal obligation is relied on to use that data, who it is shared with and how long it is retained for.

As we are registered with the Information Commissioners Office as a data controller for all of our member personal data, the UK GDPR is directly applicable not only to IET members based in the UK and EU but to all IET members across the world. This means that the UK GDPR affects IET activities and volunteer work worldwide.

We understand that legal requirements may be different in other countries, but the UK GDPR sets out the standards that act as the minimum level of conduct we expect from anyone who undertakes a volunteering role on our behalf.

We don’t believe that any of the UK GDPR requirements will create a conflict with local law, but if you have any concerns please contact for clarification.

If you require access to IET data for your volunteering role you will need to undertake our data protection training module within our e-learning portal, InfoAware.

This module reflects the requirements for the UK GDPR, and you will need to complete it to ensure that you are fully aware of the standards of practice and expectations on you to work within the data protection guidelines.

Volunteers should discuss their training requirements with their usual staff contact in the first instance.