Amid the ongoing hoo-ha and uncertainty surrounding Brexit, one issue has actually been resolved – an issue, moreover, that will have wide-reaching consequences for hundreds of thousands of businesses in the UK.
The Secretary of State for Culture, Media and Sport, Karen Bradley MP, confirmed to the Culture, Media and Sport Select Committee on Monday 24 October that the EU General Data Protection Regulation (GDPR) will apply in the UK.
“We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public,” she said.
The Information Commissioner, Elizabeth Denham, commented: “I see this as good news for the UK. One of the key drivers for data protection change is the importance and continuing evolution of the digital economy in the UK and around the world. That is why both the ICO and UK government have pushed for reform of the EU law for several years.”
The ICO is now revising its GDPR implementation timeline.
If you’ve been waiting for the government to confirm that the GDPR will apply in the UK, then this announcement should spur you on. You now have less than 18 months until you need to comply with the GDPR – or face fines of up to €20 million or 4% of global annual turnover, plus the threat of litigation from aggrieved data subjects.
EU GDPR – An Implementation and Compliance Guide is a clear and comprehensive guide to this new data protection law, explaining the Regulation, and setting out the obligations of data processors and controllers in terms you can understand.
Topics covered include:
- The role of the data protection officer (DPO) – including whether you need one and what they should do.
- Risk management and data protection impact assessments (DPIAs), including how, when and why to conduct a DPIA.
- Data subjects’ rights, including consent and the withdrawal of consent; subject access requests and how to handle them; and data controllers’ and processors’ obligations.
- International data transfers to “third countries” – including guidance on adequacy decisions and appropriate safeguards; the EU-US Privacy Shield; international organisations; limited transfers; and Cloud providers.
- How to adjust your data protection processes to transition to GDPR compliance, and the best way of demonstrating that compliance.
- A full index of the Regulation to help you find the articles and stipulations relevant to your organisation.