General Data Protection Regulations (GDPR) - employer preparation

30 January 2017

Following the government’s confirmation in November 2016 that the UK will be implementing the General Data Protection Regulations (GDPR) in 2018, the Information Commissioner’s Office (ICO) has published an update setting out what guidance organisations can expect and when.

The ICO says that this is essential reading, as it will help you plan what areas to address across the next twelve months.

Consistency across the EU is one of the key drivers of the GDPR, and the Article 29 Working Party – the body that currently brings together the Data Protection authorities across Europe – is leading the way in developing guidelines on some of the key aspects of the law. As the UK member of the Article 29 Working Party, the ICO is contributing to this process and taking a lead role on a number of priority guidelines aimed at organisations.

The update explains the work that the ICO will be contributing in the coming year as part of the Article 29 Working Party, as well as the guidance and policy development they have opted to prioritise themselves.

The central pillar of the guidance is the Overview of the GDPR. The ICO is developing the Overview as a living document, adding content on different points as more guidance is produced by the ICO and the Article 29 Working Party.

Just before Christmas the Article 29 Working Party published guidelines on the role of the Data Protection Officer, the new right of data portability and how to identify an organisation’s main establishment and lead supervisory authority.

They are open to comment until the end of January. Links to the guidelines are in the Overview of the GDPR.

12 steps to take now

Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA), so if you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR and can be the starting point to build from. However, there are new elements and significant enhancements, so you will have to do some things for the first time and some things differently.

The ICO has a checklist that highlights 12 steps you can take now to prepare for the General Data Protection Regulation (GDPR), which the ICO expects to come into force in mid-2018.