The EU General Data Protection Regulation (GDPR) comes into force on Friday 25 May 2018. It has taken four years to develop and is the most important change in data privacy legislation in two decades.

GDPR is an EU-wide regulation that will replace the current data protection laws in the UK. It has been designed to provide greater protection for personal data in today’s digital world.

Brexit will not affect the commencement of the GDPR. The UK Government has made it clear that GDPR will become part of UK law from Friday 25 May, as it also applies to organisations who interact with citizens of other EU countries.

IOSH, as a data processor, will comply with its GDPR obligations when they take effect and will work to ensure privacy and responsible use of data for all our stakeholders.

What IOSH is doing

IOSH is committed to adhering to all GDPR procedures. We have clear policies and processes in place to ensure we comply, and we will responsibly exercise our duties as a data controller and data processor.

We’re updating our Privacy Policy, Cookie Policy and Data Retention Policy to comply with the new regulation, and these are effective from 25 May 2018. IOSH employees have been, and continue to be, trained to follow good practice in:

  • Gathering information
  • Storing information
  • Complying with all reasonable requests from individuals to find out about the information we hold on them
  • Providing evidence for audits

IOSH is reviewing all consent forms across the organisation and amending these documents to show how and when consent should be obtained. This will ensure consent from individuals is affirmative, freely given, specific, informed and unambiguous.

The option to opt out of marketing communications will always be available and included in communications with an individual outside IOSH.

IOSH believes that privacy is a very important right for citizens and wishes to assure all the company’s members, customers and suppliers that we are working hard to ensure compliance in all areas of the business.

Further information

You can download our factsheet.

IOSH’s Information Security Officer is Laura Mills, who is overseeing the working group engaged with GDPR compliance.

If you have any questions, please email Laura at

Access requests

For more information about what data IOSH holds about you, please refer to the documents below.

GDPR Data Request Process - PDF - 168 KB

IOSH Data Subject Rights Request Form - PDF - 133 KB

IOSH Subject Access Request SAR Form - PDF - 146 KB