Guidelines on profiling and breach reporting have been published by the Article 29 Working Party; the EU data protection authorities who are tasked with reaching agreement on GDPR across the EU. Strategies on administrative penalties that were implemented earlier this month are due to be published shortly.
As the UK member of Article 29, the ICO ensures that uniformity across the EU is one of the fundamental drivers of GDPR, and is both leading and supporting in the expansion of guidance on some of the main aspects of the regulations.
The ICO is using a number of methods to inform the discussions which eventually lead to the finalised EU Guidelines. This has included the feedback received from their paper on Profiling and Automated Decision Making and the draft of Guidance on Consent.
ICO can refine it’s UK specific guidance on consent once WP29At the end of the year when WP29 publishes its guidelines at the end of the year.
ICO are continuing to work on the wider suite of ICO guidance, ranking areas that are not on the WP29 workplan but where they have identified a specific need and they think they can add value for our UK audience.
ICO have issued draft guidance on contracts between data controllers and processors, and are currently analysing the feedback they have received in order to produce the final version.
Our GDPR Consultants can help you implement best practices in preparation for updates to UK’s Data Protection Legislation (which comes into effect on 25th May 2018), and work with you as more GDPR guidance notes are released. Contact us to start implementing Data Protection Best Practices.