Your request has been considered in accordance with the requirements of the Freedom of Information (FOI) Act and our information access policy. We do hold the information you require. You asked for:

any documents created as part of your organisation's preparations for the General Data Protection Regulation.

For example, papers relating to any formal working/steering groups, programme/project boards. This might include but is not limited to:
- minutes of meetings held;
- terms of reference;
- project/programme plans;
- gap analysis

Also, any guidance produced for staff, including information published on Intranet sites.

Please find attached the requested documentation about how we our preparing for the GDPR, which replaces the Data Protection Act 1998 (DPA) from 25 May 2018. As a large ‘data controller’, we have already disseminated a substantial volume of information in readiness for this new legal framework. This includes tailored briefings and presentations, email updates, intranet content and external guidance from the Information Commissioner’s Office. Due to the volume of information, it is necessary to send copies of these to you in more than one email.

Please note that in accordance with TfL’s obligations under the Data Protection Act 1998 (DPA) we are not able to disclose some personal information (including contact details) in the attached materials produced by NCC Group and Herbert Smith Freehills, in accordance with section 40(2) of the FOI Act. This is because disclosure of this personal data would be a breach of the DPA, specifically the first principle of the DPA which requires all processing of personal data to be fair and lawful. It would not be fair to disclose this personal information when the individuals have no expectation it would be disclosed and TfL has not satisfied one of the conditions of Schedule 2 of the Data Protection Act which would make the processing ‘fair’.

Additionally, information not covered by your request has been removed from PDF file ‘2016-06-21-Exco GDPR paper’ located in zip file J.

In addition, exemptions S43(1) & S43(2) (Prejudice to Commercial Interests) have been applied to some information in the attached NCC Group papers, as disclosure of intellectual property and pricing information would be likely to affect both TfL’s ability to secure best value in any future procurement exercise for the associated services and NCC Group’s pricing strategies and competitive advantage. The use of this exemption is subject to an assessment of the public interest in relation to the disclosure of the information concerned. In this instance, factors in favour of disclosure, such as the general public interest in transparency and openness are outweighed by the potential damage to the effective operation of TfL’s procurement process leading to increases in the cost to the public, either through taxation or increased fares. There are a limited number of companies able to bid for such contracts and NCC Group are likely to find themselves competing for similar contracts in the future. Please note that in this instance, TfL did not chose to pursue the attached data mapping proposal put forward by NCC Group.

Please see the attached information sheet for details of your right to appeal as well as information on copyright and what to do if you would like to re-use any of the information we have disclosed.

Yours sincerely

Jasmine Howard
FOI Case Officer
Information Governance
Transport For London

-----Original Message-----

Sent: 29 July 2017 15:07
To: FOI
Subject: Freedom of Information request - GDPR

Dear Transport for London,

Please send me any documents created as part of your organisation's preparations for the General Data Protection Regulation.

For example, papers relating to any formal working/steering groups, programme/project boards. This might include but is not limited to:
- minutes of meetings held;
- terms of reference;
- project/programme plans;
- gap analysis

Also, any guidance produced for staff, including information published on Intranet sites.

Yours faithfully,

Attachments