Decision Maker: Cabinet

Outcome: Recommendations Approved

Is Key Decision?: Yes

Is Callable In?: Yes

Date of Decision: September 2, 2025

Purpose:

Content: The Cabinet had before it a report * from the Head of Digital Transformation and Customer Engagement to review the existing policy to ensure compliance with the Data Protection Act (DPA) 2018, the General Data Protection Regulations and the impact of the new Data Use and Access Act 2025 (DUAA) which gained royal assent June 2025.   RESOLVED that:   1.    The revised Data Protection Policy be APPROVED.   2.    Delegation of the Data Protection Policy to the Head of Digital Transformation & Customer Engagement, in consultation with the IT & Information Governance (ITIG) board and Legal Services to ensure that the policy remained current and reflected any legislative changes or regulatory guidance be APPROVED.