
The GDPR picture becoming clearer

There have been quite a few developments on GDPR in recent months, with the publication of the Data Protection Bill by the UK Government and further guidance from the ICO and the A29 Working Party. The GDPR landscape is slowly becoming clearer.

Data Protection Bill

This came out on 14 September 2017. The main parts of the Bill are:

  1. General data processing;
  2. Law enforcement processing;
  3. National security processing; and
  4. Regulation and enforcement.

Contrary to government spin, the main thrust of the Bill is to bring the GDPR into effect under UK law.

A few UK derogations from the GDPR are proposed:

  • Extending the GDPR to cover all general data that falls outside current EU competence
  • Repealing the Data Protection Act 1998, but preserving the key concepts that currently exist under that Act, so far as possible
  • Introducing derogations in specific areas, including the research sector and in relation to the protection of children online
  • Introducing criminal offences for organisations that intentionally or recklessly process data

On 14 September 2017, the Information Commissioner also published a statement regarding the Bill, available to view online here.

ICO Guidance

The ICO has been quite busy and has published the following:

The ICO intends to publish a Guide to the GDPR, expected by early 2018. More detailed guidance on contracts between controllers and data processors, children’s data, and accountability is expected before year end.

Article 29 Working Party

This body advises EU member states on data protection, and has published:

  • Revised guidelines on:
    • data portability,
    • data protection officers, and
    • lead supervisory authorities
  • Guidelines on data protection impact assessment and determining whether processing is “likely to result in a high risk” for the purposes of the GDPR

Further guidance is expected on:

  • Consent
  • Transparency
  • Profiling
  • Certification
  • Administrative fines
  • Breach notification
  • Data transfers

We will keep you informed of this further guidance as it comes out. However, for further information, please contact Christopher Evans of this firm by email to C.Evans@druces.com or on +44 20 7216 5505.

This was first posted on 12 October 2017.