|Blog posted by Elizabeth Denham, Information Commissioner (31/10/16)|
The government has now confirmed that the UK will be implementing the General Data Protection Regulation (GDPR).
The major shift with the implementation of the GDPR will be in giving people greater control over their data. This has to be a good thing. Today’s consumers understand that they need to share some of their personal data with organisations to get the best service. But they’re right to expect organisations to then keep that information safe, be transparent about its use and for organisations to demonstrate their accountability for their compliance.
The ICO is committed to assisting businesses & public bodies to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. As early as January 2016, we met with organisations to better understand the challenges they will face to comply with the law, and we’ve already started to publish work to help with that, from our 12 steps to take towards compliance to our recent privacy notices code of practice which includes GDPR detail
Within the next month, we’ll publish a revised timeline setting out what areas of guidance we’ll be prioritising over the next 6 months. As ever, everything will be published on the ICO website, and we’ll flag updates on twitter and through our e-newsletter.In the meantime, anyone looking to get up to speed should start by reading our overview to GDPR, which sets out the key themes of the regulation to help organisations understand the similarities with the existing UK Data Protection Act, and of course some of the new requirements.