The aim of this workshop was to ask potential end-users of the citizens' information pack on legal and ethical issues around ICTs (i.e. citizens and citizens' groups) the following questions: What is your knowledge of the EU's General Data Protection Regulation (GDPR), and what actions have you taken in response to these regulations? What challenges are you experiencing in ensuring the protection and security of your project data, and compliance with the GDPR, within existing data management processes/systems? What information/tools/resources do you need to overcome these challenges? What are the best formats/channels for receiving, sharing and acting upon this information? What is the most appropriate structure/format(s) for the citizens' information pack?