Ico sets out plans to issue gdpr guidance

“The update explains the work we will be contributing in the coming year as part of the Article 29 Working Party, as well as the guidance and policy development we have opted to prioritise ourselves,” she wrote in a blog post.

Pedder said the Article 29 Working Party – the body that currently brings together the data protection authorities across Europe – was leading the way in developing guidelines on some of the key aspects of the law.

“As the UK member of the Article 29 Working Party, we are inputting into this process and taking a lead role on a number of priority guidelines aimed at organisations,” she said.

Pedder highlighted the work the ICO was doing to develop an overview of the GDPR as a living document that would be updated continually with guidance by the ICO and the working party.

The latest guidelines published by the Article 29 Working Party are open to comment until the end of January 2017.


Iphone 5 data recovery without backup They have been added to the ICO’s GDPR Overview and cover data portability, lead supervisory authorities and data protection officers.

“We have added links to the guidelines into the overview and we are considering what, if any, key messages we need to draw out and explain in more detail,” said Pedder.

The ICO previously indicated that its GDPR guidance would be issued in three phases, with the first covering familiarisation and key building blocks, the second covering guidance structure and mapping, including process review and initial development of associated tools, and the third being a review.

• The Information Commissioner’s Office is to publish a revised timeline for the UK implementing the EU’s General Data Protection Regulation after Brexit.

• What is the role of information security professionals in helping organisations to ensure they are compliant with the EU’s General Data Protection Regulation (GDPR)?

So far, the ICO has produced a document, Preparing for the GDPR: 12 steps to take now to give organisations a list of the key issues they need to address in their preparations.

The ICO has also published the first version of its Overview of the GDPR, referred to relevant GDPR provisions in its revised Privacy notices code of practice, and has been identifying what guidance is needed as a priority.

The ICO said it would continue to work on three main areas: European-level guidance in the form of Article 29 Working Party (WP29) guidelines, ICO guidance and other policy work.

As the UK’s WP29 representative, the ICO said it would continue to contribute to producing WP29 guidelines and include them in the GDPR Overview.

In 2017, the WP29 intends to produce guidance documents on key GDPR topics, including administrative fines, profiling, consent, transparency, notification of personal data breaches, and tools for international data transfers.

It said it had also started to consider the GDPR provisions specific to children’s personal data, and was consulting relevant stakeholders about international data transfers.

In February 2017, the ICO plans to publish the second version of its paper on big data. Bplan data recovery “While this is not a guidance document on the GDPR, it does discuss GDPR provisions that are relevant to big data and machine learning,” it said.

banner