Preparing for the General Data Protection Regulation

12 Jul 2017

Preparing for the General Data Protection Regulation – the latest from the Information Commissioner’s Office

The GDPR will apply in the UK from 25 May 2018. With the prospect of a significant increase in fines for breaching the GDPR, businesses should be starting to prepare now.

This advice is reinforced by a recent warning from the Information Commissioner to businesses that there is no time to delay preparations for the GDPR– “If your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance. But there’s a carrot here as well as a stick: get data protection right, and you can see a real business benefit.”

So with less than a year to go until the GDPR becomes law, what guidance has the ICO published?

The final version of guidance on what is meant by “consent” (to process personal data e.g. for marketing purposes) under GDPR is still awaited and expected anytime soon. However the updated “12 steps to take now” guidance refers readers to the draft guidance on consent which went out to consultation earlier this year which suggests that the final version won’t be much different to the draft version.

There is also other guidance, produced at European level, on topics such as the designation, position and tasks of Data Protection Officers under the GDPR and which can be accessed via the ICO’s website.