The GDPR took effect from 25 May 2018. It aims to protect the privacy of all EU citizens and prevent data breaches. It will apply to any public or private organisation processing personal data. Established key principles of data privacy remain relevant in the new data protection legislation but there are also a number of changes that will affect commercial arrangements, both new and existing, with suppliers. The purpose of this information note is to advise public bodies/contracting authorities of the implications of the new General Data Protection Regulation (GDPR) for public procurement and the actions they may consider taking in respect of existing and future contracts in this regard.