Government reforms (1): Data protection – GDPR guidance

What do we already know?

We have been regularly updating you about the new General Data Protection Regulation (GDPR), which on 25 May 2018 will replace the current EU Data Protection Directive and the Data Protection Act 1998.

For further detail see our updates here.

What’s new?

1. The Information Commissioner’s Office (ICO) has published a series of frequently asked questions (FAQs) documents for the education, health and local government sectors on the GDPR and how it will affect them and their day-to-day operations.

The three FAQs documents cover a variety of sector issues:

• Local Government FAQs document: Available here.  This includes specific guidance on getting ready for the GDPR and examples of good practice. It also provides information on producing publication schemes and the results of the Local Government Information Governance survey undertaken by the ICO at the end of 2016.
• Education sector FAQs document: Available here.  This covers issues   surrounding fundraising and marketing in education organisations and  surveillance technology. The document also includes a webinar on data protection for those in the education sector.
• Health sector FAQs document: Available here.  This covers registering with the ICO and looking after information held about patients (including deceased persons’ medical records). The document also lists recent enforcement action taken against individuals in the health sector following data breaches.

2. The Information Commissioner’s Office (ICO) has published a number of new resources aimed at helping small and medium sized enterprises (SMEs) prepare for the new data protection regime under the GDPR.

The publication of the new resources follows the launch of the ICO’s advice service for SMEs in November 2017 (see our November 2017 Newsletter Government reforms (1): Data protection – GDPR guidance).

The resources include:

• A self-assessment checklist on getting ready for the GDPR, which produces a bespoke report on what SMEs will need to do (available here);
• A FAQs document answering the questions that have been asked most often by SMEs in relation to the GDPR (available here); and
• A guide to the GDPR (available here).