ICO updates its GDPR guidance



The ICO has added some information to its GDPR guidance document, indicating the areas where the EU Article 29 Data Protection Working Party will issue guidance, and areas on which the ICO is currently concentrating. The ICO aims to publish guidance in early 2017 on contracts and liability, consent and children’s data.

“As we develop the Overview we will treat it as a living document, expanding the text as necessary to cover particular points as they develop. The Overview currently follows the structure of the GDPR; we will add further sections to cover cross cutting issues as necessary e.g. data sharing or profiling,” Information Commissioner Elizabeth Denham said.

The EU Article 29 Working Party (WP29) is planning the following guidance:

1. Consent
2. Transparency
3. Profiling
4. High risk processing
5. Certification
6. Administrative fines
7. Breach notification
8. Data transfers.

“Where we decide it is appropriate to go ahead and develop ICO guidance on issues not currently being considered by the WP29, we will incorporate it into the Overview. This guidance may take some content from existing DP Act guidance, where it is still relevant. In the event that the WP29 decide to consider a topic we have already worked on we will be in a position to provide input based on the products we have already developed, whether that is guidance or background policy thinking as mentioned below,” Denham said.

The ICO is currently considering whether it can provide any further detail over and above the Article 29 Working Party guidelines on Data Protection Officers.

See updated guidance

Denham delivered a lecture on GDPR and accountability on 17 January to the Institute of Chartered Accountants in England and Wales, with an emphasis on their role as intermediaries who can influence good practice for their clients.