Data Protection guidance to look out for in 2017

With the deadline for the full implementation of the GDPR drawing closer, organisations which have not yet started to map out their data processing and modify their procedures to ensure compliance with the new regime need to start doing so now. Organisations which are aware of and have systems in place to ensure compliance with their current obligations under the Data Protection Act will have a good foundation for making the transition to the GDPR; however, the process may be time-consuming.

The ICO has declared its commitment to assisting organisations in ensuring a smooth transition. In guidance published online in January 2017, the ICO stated that it intends to help organisations by:

  1. Working together with the EU’s Working Party 29 (“WP29”), a working group made up of representatives from the various European data protection authorities which acts as a platform for cooperation, to develop guidance for transitioning organisations;
  2. Publishing its own guidance for areas which are not covered by the work of the WP29.

Organisations can expect guidance concerning the following to be issued this year:

By the WP29:

  • Administrative fines
  • High risk processing and impact assessments
  • Certification
  • Profiling
  • Consent
  • Transparency
  • Notification of breaches
  • Tools for international transfers

Independently by the ICO:

  • Contracts and liability
  • Consent

The ICO aims to develop its Overview of the GDPR into a more substantive guide which is continuously developed and will incorporate guidance on matters not being considered by the WP29.

In addition, the ICO has been working on the areas of profiling, risk, international transfers and children’s personal data. The latter will be useful to FE institutions in particular in understanding the extent to which consent is required when dealing with learners who are under 18. We discuss this issue in some detail in the February 2017 edition of our AHUA bulletin.

Officers responsible for data protection compliance should familiarise themselves with the requirements under the GDPR and will find the above guidance useful when it is issued; in particular, it will help them to understand how the GDPR will be applied in practice.

Watch this blog for updates.

Lauro Fava
T: 0121 631 5245
