Policy Legislation Handbook

Data protection

General Data Protection Regulations (GDPR) 30 January 2017

Following the news in November 2016 that the government had confirmed the UK will be implementing the General Data Protection Regulations (GDPR), the Information Commissioner’s Office (ICO) has published an update setting out what guidance organisations can expect and when.

It’s essential reading, as it will help you plan what areas to address across the next twelve months.

Consistency across the EU is one of the key drivers of the GDPR, and the Article 29 Working Party – the body that currently brings together the Data Protection authorities across Europe – is leading the way in developing guidelines on some of the key aspects of the law. As the UK member of the Article 29 Working Party, the ICO is contributing to this process and taking a lead role on a number of priority guidelines aimed at organisations.

The update explains the work that the ICO will be contributing in the coming year as part of the Article 29 Working Party, as well as the guidance and policy development they have opted to prioritise themselves.

The central pillar of the guidance is the Overview of the GDPR. The ICO is developing the Overview as a living document, adding content on different points as more guidance is produced by the ICO and the Article 29 Working Party. Just before Christmas the Article 29 Working Party published guidelines on the role of the Data Protection Officer, the new right of data portability and how to identify an organisation’s main establishment and lead supervisory authority. They are open to comment until the end of January. Links to the guidelines are in the Overview.

12 steps to take now

Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA), so if you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR and can be the starting point to build from. However, there are new elements and significant enhancements, so you will have to do some things for the first time and some things differently.

The ICO has a checklist which highlights 12 steps you can take now to prepare for the General Data Protection Regulation (GDPR) which the ICO expect to come into force in mid-2018.


Prepare now for biggest change to data protection law for a generation 2 June 2017

The 12 steps to take to prepare for GDPR has been relaunched, with updated guidance and increased focus on the need to act now to be compliant for May 2018.

The General Data Protection Regulation (GDPR) is a new law that will replace the Data Protection Act 1998 and will apply in the UK from 25 May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.

Information Commissioner Elizabeth Denham has told businesses there’s no time to delay in preparing for “the biggest change to data protection law for a generation”.

Speaking in a video addressing boardrooms, Ms Denham calls on businesses to see the commercial benefits of sound data protection, and act now to ensure they’re compliant by 25 May 2018:

“If your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance. But there’s a carrot here as well as a stick: get data protection right, and you can see a real business benefit.”

The Chartered Institute of Payroll Professionals

Policy News Journal

cipp.org.uk
