Skip to content

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)

The NPS has updated its frameworks so they comply with the General Data Protection Regulation (GDPR).

To help customers prepare for GDPR, which comes into force on 25 May this year, we have issued change control notices to existing contractors and are embedding GDPR clauses into forthcoming tenders. A copy of this notice can be found on Sell2Wales (login required).

We are only able to update the frameworks and cannot update customer call-off contracts. Customers of NPS frameworks should satisfy themselves that contracts let prior to 25 May, which are affected by GDPR, are updated to include relevant clauses, following the advice of your data protection officer or equivalent.

Whilst customers are able to use the framework clauses we have developed, this note does not constitute legal advice and, if your organisation requires additional assurance or support, please seek legal advice.

If you have any queries about what the NPS is doing, please do not hesitate to contact us.

The GDPR gives enhanced protection for personal data, and imposes stricter obligations on those who process personal data. For further information please visit: Information Commissioner's Office

Links: The General Data Protection Regulation (GDPR) standard clauses

Contact: NPSStakeholderEngagement@gov.wales