What do we already know?
We updated you in our April 2016 Newsletter Government reforms (1): Data protection – changing times… and our June 2016 Newsletter Government reforms (2): data protection changes – guidance on its way about the new General Data Protection Regulation (GDPR), which will replace the current EU Data Protection Directive and national data protection legislation.
We updated you in our November 2016 Newsflash Data protection – changing times that the Government has confirmed that the UK will be implementing the General Data Protection Regulation in May 2018. The Secretary of State Karen Bradley MP said, “We will be members of the EU in 2018, [so] it would be expected … for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public.”
Elizabeth Denham, the Information Commissioner, has welcomed the Government’s decision to implement the General Data Protection Regulation (GDPR), saying, “The major shift with the implementation of the GDPR will be in giving people greater control over their data. This has to be a good thing.”
The Information Commissioner also confirmed that the ICO is writing guidance on a number of priority areas of the GDPR aimed at organisations. The Information Commissioner confirmed that “The first pieces likely to be published address the role of the Data Protection Officer, the new right of data portability and how to identify an organisation’s main establishment and lead supervisory authority.”
These should be finalised by the end of 2016, and will be followed in February 2017 by guidance on the concept of risk and conducting a Data Protection Impact Assessment.
The Information Commissioner added that as well as its guidance it is also committed to working with industry groups in light of the fact that some sectors will face specific challenges.