The clock is ticking to prepare for GDPR

Getting ready for the new EU data protection regulation is a seismic task for the regulator, as much as it is for businesses, explains Garreth Cameron, group manager of business and industry at ICO.

Garreth Cameron of ICO

May 25 2018 is the date circled in the calendars of data protection professionals across the country, as it’s the day the much-anticipated General Data Protection Regulation (GDPR) will take effect in the UK.

 

The clock has already started ticking and 2017 will be a crucial year in which firms will be making plans and looking to implement the changes needed.

 

The regulation aims to update data protection for the modern age by reflecting rapid technological developments and globalisation, and the increase in the scale of collection and sharing of personal data.

 

It enhances data protection principles and rights, and will create a stronger framework for organisational accountability and enforcement. It’s an evolution of our existing laws and good practice, but that’s not to downplay the need for businesses to ensure they are now working towards meeting the new requirements.

 

There will be challenges for businesses, just as there will be challenges for the Information Commissioner’s Office as the supervisory body tasked with overseeing the regulation in the UK. As well as making sure we’ve got the right structures and processes in place to deal with our new responsibilities, we understand how important it is that businesses have the right information and guidance to hand to help them comply.

 

Our activity

 

We started 2016 by running a series of roundtables to understand what the areas of concern are, and what businesses consider the ICO’s priorities should be.

 

As our thinking has developed we’ve continued to engage with trade associations and industry representatives, and we’ve listened to all the feedback and factored it into the guidance plan we’ve published. We have also been speaking to other regulators to help avoid any conflicting regulatory requirements being placed on firms.

 

One of our first pieces of guidance has been an overview of the regulation and the key themes. This should help those unfamiliar with the regulation to understand, in broad terms, what it requires.

 

Being transparent, providing accessible information, and giving individuals control over their information are important aspects of the regulation. We’ve already published our privacy notices, transparency and control code of practice to explain in more detail what is required, and the techniques that can help you present privacy information effectively – in particular in the digital world.

 

We’ve also published 12 steps to take now to help guide organisations on the key areas we think they should focus on first. A first step should be to ensure key decision makers are aware that change is coming and to appreciate the impact this is likely to have on the business.

 

Ensuring there is a consistent understanding of data protection requirements is crucially important to reducing barriers to trade and we’ve been working closely with our European counterparts to help ensure guidance from the new European Data Protection Board is pragmatic, easy to follow and reflects business concerns here in the UK.

 

What’s coming next

 

We will shortly be producing guidance on individuals’ rights, contracts and consent. These are three areas that businesses have consistently said are priorities. We’ve also started to develop our thinking on risk and significant legal effects, profiling, children’s privacy, documentation and records, controllers and data processors, as well as international transfers.

 

We provide a wide range of advice and guidance on a number of areas from employment practices to data sharing. We will be working on refreshing and adapting our existing guidance to ensure it reflects GDPR.

 

Following on from the success of our data protection self-assessment toolkit, we also want to seek to develop more practical tools and resources for SMEs to assist with their compliance.

 

On a European front, we expect guidance to be published shortly on identifying an organisation’s main establishment and lead supervisory authority, the right to data portability, the requirements for data protection officers, risky processing and data protection impact assessments.

 

 

creditstrategy.co.uk – an online news and information service for the UK’s commercial and consumer credit industry. creditstrategy.co.uk is published by Shard Financial Media Limited, registered in England & Wales as 5481132, Axe & Bottle Court, 70 Newcomen St, London, SE1 1YT. All rights reserved. Credit Strategy is committed to diversity in the workplace.
© Copyright Shard Financial Media Ltd