Government reforms (2): Data protection – GDPR guidance

What do we already know?

We have been regularly updating you about the new General Data Protection Regulation (GDPR), which was introduced on 25 May 2018 and replaces the EU Data Protection Directive and the Data Protection Act 1998.

For further detail see our updates here.

What’s new?

Just when you thought it was all over(!) there’s some final guidance from the Information Commissioners Office (ICO), to update you on…

Guidance on Data Protection Impact Assessments (DPIA)

The ICO has published the final version of its guidance on DPIAs (available here).  The guidance is intended to sit alongside the ICO’s Guide to the GDPR (available here).  The guidance explains:

• the principles and process that form the basis of a DPIA;
• what a DPIA is for;
• when you need to carry one out; and
• how to go about it.