Government reforms (3): Data protection – GDPR guidance

What do we already know?

We have been regularly updating you about the new General Data Protection Regulation (GDPR), which on 25 May 2018 will replace the current EU Data Protection Directive and the Data Protection Act 1998.

For further detail see our updates here and summary of the new law above at New Year, New Law.

What’s new?

1. The European Commission has:

• published guidance on the GDPR (available here); and
• launched a new online tool dedicated to SMEs (available here).

The guidance outlines what the European Commission, national data protection authorities and national administrations still need to do to bring preparations for the GDPR to a successful conclusion.

The aim of the new online tool is to raise awareness of the GDPR and help individuals, businesses (in particular SMEs) and other organisations to comply with and benefit from the new data protection rules.

2. The Information Commissioner’s Officer (ICO) has updated its guide to the GDPR. The following changes have been made to the guide:

• The section of the guide dealing with personal data breaches has been expanded; and
• New pages have been added to the lawful basis section of the guide, covering contract, legal obligation, vital interests and public task.

The updated guide is available here.

The ICO has also published more detailed guidance (available here) on documentation outlining the new requirements under Article 30 of the GDPR in relation to the documentation of processing activities. This sits alongside the guide.