UK’s ICO releases new guidelines for becoming GDPR ready

UK’s ICO releases new guidelines for becoming GDPR ready

The UK's ICO has released a new set of guidelines aimed at ensuring companies are adequately prepared for the introduction of the GDPR.

The UK’s ICO has released a new set of guidelines aimed at ensuring companies are adequately prepared for the introduction of the GDPR.

The Information Commissioner’s Office (ICO) in the UK has released a new set of guidelines aimed at ensuring companies are adequately prepared for the introduction of the General Data Protection Regulation (GDPR).

The document states that decision makers and key members of organizations should make themselves aware of the upcoming changes in the law, and keep a firmer grasp on the details surrounding the information they hold.

It also recommends that companies review privacy notices and ensure there is a plan in place that allows them to make any necessary changes to be in compliance with GDPR.

Having the right procedures in place in order to react to data breaches is also a crucial part of the ICO’s guidance, with companies now being urged to familiarize themselves with previous guidance surrounding privacy impact assessments (PIAs).

Several other areas are also outlined as being potentially crucial to successfully adapting to GDPR, but the ICO insists the new measures, which are due to come into effect midway through 2018, will contain many of the same principles and concepts as the current Data Protection Act.

As such, many companies already abiding by current legislation are likely to have a majority of bases covered.

However, the ICO stresses there are several noticeable differences and enhancements included in the GDPR that need to be taken on board.

Speaking at a lecture in London for the Institute of Chartered Accountants in England and Wales, UK information commissioner Elizabeth Denham said the biggest difference refers to accountability.

“The new legislation creates an onus on companies to understand the risks that they create for others, and to mitigate those risks,” she continued.

“It’s about moving away from seeing the law as a box-ticking exercise, and instead to work on a framework that can be used to build a culture of privacy that pervades an entire organization.”

Discussion