GDPR guidance issued by the NFWI

The General Data Protection Regulation (GDPR) and The Data Protection Act (2018) came into force in May 2018. Together they represent the biggest change to data protection legislation in a generation. Please follow the information in this section to ensure you understand what this means for your WI or federation.

Why was new legislation needed?

The GDPR was created to reinforce the protection of personal information as a fundamental right. The main aims of the regulation are to:

  • Empower individuals to take more control of their personal data by giving them stronger rights; and
  • hold the organisations who collect and store personal data accountable.

The GDPR should be read in tandem with the Data Protection Act 2018 (DPA) which replaced the 1998 Act.

For full up-to-date guidance on GDPR please refer to MyWI here.

Support from the NFWI

We are here to support your WI in your work to ensure compliance with the GDPR and DPA. We strongly encourage your WI to go through the MyWI resources to get an overview of the new legislation and find out what you need to do. As always our staff are on hand to help with any queries and concerns.


If you have any questions please email


The Information Commissioner’s Office

The ICO is an independent supervisory authority that regulates privacy laws in the UK and has the ability to enforce sanctions and fines on organisations that do not comply with the GDPR. They are continuously developing helpful guidance on data protection. Some helpful resources include:


Guide to Data Protection

Electronic Marketing