It is not often that you hear the phrase “thank god for the Information Commissioner’s Office” but this week those words could be ringing around every office in the UK after the data regulator revealed a new swathe of guidance for the EU General Data Protection Regulation.
No-one ever said GDPR was going to be easy to understand – in fact a new report claims, rather depressingly, that fewer than half (47%) of businesses in the UK are aware of the GDPR – but for those who have, the guidance provides a valuable light through the darkness.
The first set – published in October – covered privacy notices, transparency and control, and with it a warning that it is no longer enough to stick a privacy notice on a website and forget all about it; they have to be constantly reviewed and tweaked.
The new set of guidance has been provided by the EU Article 29 Working Party – which is made up of the data chiefs of all EU states – and is now on the ICO website. It covers data portability, lead supervisory authorities and the potentially thorny issue of which companies will be expected to appoint data protection officers.
According to one report, the UK will have to find 7,000 data protection officers before implementation day on May 25, 2108.
Article 29 is also planning guidance on consent, transparency, profiling, high-risk processing, certification, administrative fines, breach notification and data transfers.
Meanwhile the ICO says it will also be issuing its own advice on contracts & liability, and consent in the coming months.
Consumers back GDPR to make their data safer
7,000 data protection officers needed for UK firms
EU data reforms: the top 5 issues for marketers
ICO poised to draw up new code for direct marketing
ICO issues privacy notice warning in first GDPR code
ICO commits to data law overhaul despite Brexit win
Third of businesses still feel unprepared for GDPR
Industry cheer as EU opt-in data threat is lifted
Big issues to tackle in 2017: red alert on legislation
EU data reforms already ‘out of date’