Information Commissioner's Office
How the ICO will be supporting the implementation of the GDPR
Blog posted by: Elizabeth Denham, Information Commissioner, 31 October 2016.
The government has now confirmed that the UK will be implementing the General Data Protection Regulation (GDPR). The Secretary of State Karen Bradley MP used her appearance before the Culture, Media and Sports Select Committee to say:
“We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public.”
I see this as good news for the UK. One of the key drivers for data protection change is the importance and continuing evolution of the digital economy in the UK and around the world. That is why both the ICO and UK government have pushed for reform of the EU law for several years. The digital economy is primarily built upon the collection and exchange of data, including large amounts of personal data – much of it sensitive. Growth in the digital economy requires public confidence in the protection of this information.
Citizens want the benefits of these digital services but they want privacy rights and strong protections too. Having sound, well-formulated and properly enforced data protection safeguards help mitigate risks and inspire public trust and confidence in how their information is handled by business, third sector organisations, the state and public service.
The major shift with the implementation of the GDPR will be in giving people greater control over their data. This has to be a good thing. Today’s consumers understand that they need to share some of their personal data with organisations to get the best service. But they’re right to expect organisations to then keep that information safe, be transparent about its use and for organisations to demonstrate their accountability for their compliance.
The ICO is committed to assisting businesses and public bodies to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond.
As early as January 2016, we met with organisations to better understand the challenges they will face to comply with the law, and we’ve already started to publish work to help with that, from our 12 steps to take towards compliance to our recent privacy notices code of practice which includes GDPR detail.
Within the next month, we’ll publish a revised timeline setting out what areas of guidance we’ll be prioritising over the next six months. As ever, everything will be published on the ICO website, and we’ll flag updates on twitter and through our e-newsletter.
In the meantime, anyone looking to get up to speed should start by reading our overview to GDPR, which sets out the key themes of the regulation to help organisations understand the similarities with the existing UK Data Protection Act, and of course some of the new requirements.
I acknowledge that there may still be questions about how the GDPR would work on the UK leaving the EU but this should not distract from the important task of compliance with GDPR by 2018. We’ll be working with government to stay at the centre of these conversations about the long term future of UK data protection law and to provide our advice and counsel where appropriate.
Latest News from
Information Commissioner's Office
ICO launches second consultation on the draft Data protection and journalism code21/09/2022 14:10:00
The Information Commissioner’s Office (ICO) has launched a second consultation on a draft code of practice about using personal data for journalism (the code).
Tribute to Her Majesty The Queen09/09/2022 14:20:00
Statement given by John Edwards, Information Commissioner.
ICO takes action against two government departments for failing to comply with the Freedom of Information Act 200009/09/2022 12:25:00
The Information Commissioner’s Office (ICO) has issued an enforcement notice to the Department for International Trade (DIT) and a practice recommendation to the Department for Business, Energy and Industrial Strategy (BEIS), for persistent failures to respond to information access requests within the statutory time limit.
ICO publishes guidance on privacy enhancing technologies07/09/2022 15:15:00
The Information Commissioner’s Office (ICO) has published draft guidance on privacy-enhancing technologies (PETs) to help organisations unlock the potential of data by putting a data protection by design approach into practice.
Halfords fined for sending nearly 500,000 unwanted marketing emails06/09/2022 12:15:00
The Information Commissioner’s Office (ICO) has fined Halfords Limited £30,000 for sending 498,179 unsolicited marketing emails to people without their consent.
“Children are better protected online in 2022 than they were in 2021” - ICO marks anniversary of Children’s code02/09/2022 16:20:00
The ICO is marking the anniversary of the groundbreaking Children’s code, that has changed how children are treated online.
ICO acting against eight individuals over alleged theft of road traffic accident data from garages30/08/2022 14:10:00
The Information Commissioner’s Office (ICO) has commenced criminal proceedings against eight individuals over the alleged unlawful accessing and obtaining of people’s personal information from vehicle repair garages to generate potential leads for personal injury claims.
Former health adviser found guilty of illegally accessing patient records08/08/2022 12:25:00
A former health adviser has been found guilty of accessing medical records of patients without a valid legal reason.