ICO lays plans for GDPR guidance

Computer Weekly reports that the Information Commissioner’s Office has set out plans for publishing guidance on the EU General Data Protection Regulation (GDPR). The Commissioner’s Office is encouraging businesses to review guidance on the GDP as it is published in order to identity which areas need to be addressed in 2017.

UK organisations will be required to comply with the GDPR from 25 May 2018 and indications are that the new UK data protection legislation that will apply after the UK leaves the EU will align with the GDPR.

Head of policy deliver, Jo Pedder has described the guidance as “essential reading”.

Pedder went on to highlight the work the ICO was doing to develop an overview of the GDPR as a living document that would be updated continually with guidance by the ICO and the working party.

The latest guidelines published by the Article 29 Working Party are open to comment until the end of January 2017. They have been added to the ICO’s GDPR Overview and cover data portability, lead supervisory authorities and data protection officers.

The ICO previously indicated that its GDPR guidance would be issued in three phases, with the first covering familiarisation and key building blocks, the second covering guidance structure and mapping, including process review and initial development of associated tools, and the third being a review.

The ICO is now moving into the second phase, which will overlap with the conclusion of phase one.

Thus far, the ICO has produced a document, Preparing for the GDPR: 12 steps to take now to give organisations a list of the key issues they need to address in their preparations.

The ICO has also published the first version of its Overview of the GDPR, referred to relevant GDPR provisions in its revised Privacy notices code of practice, and has been identifying what guidance is needed as a priority.