First regulatory guidance on the GDPR due this year

Speaking recently at the National Association of Data Protection and Freedom of Information Officers conference, the Information Commissioner, Elizabeth Denham, highlighted how the ICO will be helping organisations prepare to meet the requirements of the GDPR when it comes into force in May 2018.

Denham said that the ICO was working with the Article 29 Working Party, the body that encompasses all of the data protection authorities across Europe, to draft guidance for organisations. To be published by the end of 2016, the first guidance will address the following aspects of the GDPR:

  1. The role of the data protection officer.
  2. The new right of data portability.
  3. How to identify an organisation’s main establishment and lead supervisory authority.

Guidance on the concept of risk and how to carry out a data protection impact assessment is due to be published in February 2017.

The Article 29 Working Party is also working on guidance regarding certifications under the GDPR, but Denham provided no further detail or timeframe for publication of that guidance.

When it is released, IT Governance will provide commentary on the guidance in addition to any other GDPR regulatory updates in the lead-up to May 2018.

For further information on the new Regulation and its application, the following GDPR publications are recommended reading:

EU GDPR Pocket Guide

The perfect introduction to the principles of data privacy and the GDPR, this concise guide is essential reading for anyone wanting an overview of the new compliance obligations for handling the personal data of EU residents.

EU GDPR – An Implementation and Compliance Guide

This clear and comprehensive guide provides detailed commentary on the GDPR and practical implementation advice on the compliance measures needed for your data protection and information security regimes.