GDPR’ is one of those phrases that has become well known without necessarily being well understood.



The General Data Protection Regulation (GDPR), which came into force in May 2018, was a European Union (EU) piece of legislation setting the minimum standards for processing data in the EU.

Anticipating Brexit, the 2018 Data Protection Act rewrote the UK’s own data protection laws to mirror GDPR, so there would be no conflict between British and European law.

This meant that when Britain left the EU, the Data Protection Act continued to apply rules that were functionally equivalent to GDPR; the difference is that it is now in the UK government’s power to alter those rules.  If you operate solely in the UK, you are now under the jurisdiction of the UK’s Data Protection Act, not the EU’s GDPR legislation.

Happily, in June this year, the EU Commission found the UK’s data protection regime to be ‘adequate’, meaning that data can continue to flow from the EU and European Economic Area (EEA) without the need for additional safeguards.


Impact & Insight Toolkit (Toolkit)

Throughout the lifetime of the Toolkit project, we have been responding to and anticipating these changes.  For example, before Brexit occurred, we moved over to UK-based servers to store all Toolkit data, minimising the need for any international data transfers.  Indeed, as a result of Brexit and ongoing clarifications from the Information Commissioners Office (ICO), we will soon be making some minor tweaks to our legal agreements which users of the Impact & Insight Toolkit signed.

As we plan these steps, we thought this might be a good time to check how confident you as Toolkit users are feeling about data collection and privacy issues.  Do you feel whether you have the necessary support, and access to key information, that allows you to make good and compliant decisions around these issues?   If we discover that some Toolkit users don’t feel confident on data protection matters, we could provide more resources on our website and signal key sources of external information and guidance.

The survey accessed via the link below asks you a few questions about your confidence levels towards a few key data collection and privacy issues.  Just to be clear, this is NOT a test of your knowledge around data protection but asks you to indicate how confident you are.

If you could please complete it, that would be enormously helpful to CWC and the Toolkit project.   It will only take you a couple of minutes, and your response will, of course, be anonymous. 

If we get a very low response rate to the survey, we will have to speculate on what that means.  We don’t think it will mean that you are uninterested in these questions, or that you are completely confident about data collection and privacy issues.   But perhaps more likely that data protection remains something that many Arts Council funded organisations feel they ‘have to do’ as a compliance agenda, rather than as a core process that brings benefits around how to collect, use and understand data.

We look forward to receiving your feedback and continuing to support you in developing a well-informed approach to data protection issues.


Link to survey:



Photo by Markus Winkler on Unsplash