The UK Information Commissioner’s Office (“ICO”) has provided details on its plans to provide guidance to organizations on compliance with the European Union’s General Data Protection Regulation (“GDPR”), which will apply EU-wide as from 25 May 2018.
The ICO’s work plan involves three overlapping “phases.” Over the next six months, priority outputs will include ICO guidance on the following items:
- GDPR Overview
- Individuals’ rights
- Privacy notices code of practice
During this time-frame, the ICO will also contribute to European level guidance being developed by the Article 29 Working Party and will begin to focus on the following areas for potential ICO or European-level guidance:
- Risk and significant/legal effects
- Children’s privacy
- Documentation/ records of processing activity
- Data controllers/ Data processors
- International transfers
The ICO may also organize consultations and workshops with stakeholders on the above matters.
Subsequent phases will focus on, among other things, aligning the ICO’s existing guidance on the UK Data Protection Act with GDPR requirements.
Of course, all of the above is contingent on the outcome of the “Brexit” referendum on 23 June, when the British public will vote on whether the UK should remain a Member State of the European Union.
Further details on the ICO’s work plan are available at: