Preparing for the General Data Protection Regulation
Preparing for the General Data Protection Regulation – the latest from the Information Commissioner’s Office
The GDPR will apply in the UK from 25 May 2018. With the prospect of a significant increase in fines for breaching the GDPR, businesses should be starting to prepare now.
This advice is reinforced by a recent warning from the Information Commissioner to businesses that there is no time to delay preparations for the GDPR– “If your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance. But there’s a carrot here as well as a stick: get data protection right, and you can see a real business benefit.”
So with less than a year to go until the GDPR becomes law, what guidance has the ICO published?
- The ICO has updated its data protection self assessment toolkit to include a new section “Getting ready for the GDPR“. It is a useful checklist of the key areas that businesses need to consider and a way to monitor progress towards compliance.
- The ICO has updated its guidance “Preparing for the General Data Protection Regulation (GDPR) – 12 steps to take now”
- The ICO’s Privacy notices code of practice provides guidance on the additional information that businesses will need to include in their privacy notices from 25 May 2018
The final version of guidance on what is meant by “consent” (to process personal data e.g. for marketing purposes) under GDPR is still awaited and expected anytime soon. However the updated “12 steps to take now” guidance refers readers to the draft guidance on consent which went out to consultation earlier this year which suggests that the final version won’t be much different to the draft version.
There is also other guidance, produced at European level, on topics such as the designation, position and tasks of Data Protection Officers under the GDPR and which can be accessed via the ICO’s website.