Government Reforms: General Data Protection Regulations (GDPR)

What do we already know?

We updated you in our April 2016 Newsletter “Government reforms (1): Data protection – changing times…” and our June 2016 Newsletter “Government reforms (2): data protection changes – guidance on its way” about the new General Data Protection Regulation (GDPR), which will replace the current EU Data Protection Directive and national data protection legislation.

We updated you in our November 2016 Newsflash “Data protection – changing times” that the Government has confirmed that the UK will be implementing the General Data Protection Regulation in May 2018.

What’s new?

With just under one year to go until the GDPR comes into effect in May 2018, the Information Commissioner, Elizabeth Denham, has warned businesses that there’s no time to delay in preparing for “the biggest change to data protection law for a generation”.

In a YouTube video addressing boardrooms, Ms Denham says “If your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance. But there’s a carrot here as well as a stick: get data protection right, and you can see a real business benefit.”

Among a number of initiatives to mark one year until GDPR compliance, the Information Commissioner’s Office (ICO) has:

  • published an updated data protection self-assessment toolkit for SMEs (available here) which includes a new element to help organisations assess their progress in preparing for the GDPR;
  • updated its “12 steps to take now” guidance (available here); and
  • launched its Information Rights Strategy (available here), which sets out its mission statement to increase public trust over the next four years.

The European Commission has also issued a statement in which it says that it will be stepping up its work with member states and engaging with companies to ensure harmonisation and avoid fragmentation in implementation of the GDPR. Within the year, it will also launch an EU-wide campaign to raise awareness so that Europeans are conscious of their rights.