By Steve Wood, Head of Policy Delivery.
Manchester becomes the capital of UK data protection this week, with 800 data protection practitioners heading to our conference in the city. And for the delegates heading to the north-west, top of the agenda will be considering the impending implementation of the data protection reforms agreed last December. The reforms encompass the General Data Protection Regulation, which will have direct effect, and a new Directive on data protection related to law enforcement.
The last pieces of work to finalise the texts continue apace, focused on translation and final legal checks. Once that happens, we’ll see final political agreement, hopefully around July and then a two year transition period to accustom ourselves to the new way of doing things.
The ICO’s work around implementing the reforms has started in earnest. We’re keen to hear from people about which areas of the reforms will be the most challenging to implement and what our priorities for advice and guidance should be. An event we held to this end in January gave us a good foundation about the key areas for a range sectors.
One message that came over loud and clear was that people are starting to develop a plan and want to take the key steps towards implementation well ahead of 2018. With that in mind, we’ve produced our first General Data Protection Regulation product, outlining twelve steps to take to prepare for the reforms.
Over the next few months we’ll be doing more work to consider the feedback we’ve received and produce a more detailed plan for the guidance, other tools and services we need to develop. We’ll also be working closely with the other EU data protection authorities in the Article 29 working party on guidance and preparations for the set-up of the new European Data Protection Board which will replace Article 29 in 2018.
Many of the principles in the new legislation are much the same as those in the current Data Protection Act. If you are complying properly with the current law, then you have a strong starting point to build from. But there are important new elements, and some things will need to be done differently. The new law will enhance the rights of data subjects and place more obligations on organisations to be accountable for their use of personal data. These twelve points are intended to be a helpful starting point, to help break down the legislation – which can appear daunting – into practical areas for action.
We’re also aware that those working in sectors with law enforcement functions are also expecting advice and guidance about the data protection directive on law enforcement, which was agreed at the same time as the General Data Protection Regulation. Many of the provisions in the directive are drawn from the Regulation. We’ll also assess what specialist guidance may be needed.
Meanwhile, our work preparing for the reforms will continue. There’s still plenty of work to do, and our focus at this stage will remain on establishing what our priorities should be, rather than rushing to produce guidance. That means plenty more listening to what people are concerned about, and where they’d like to see us ultimately focus our efforts around guidance. We’re not looking to start answering specific questions at this stage – don’t forget the final text of the reforms hasn’t been agreed yet – but feedback about areas where advice and guidance is most needed would definitely be appreciated below the line.
|Steve Wood‘s department develops the outputs that explain the ICO’s policy position on the proper application of information rights law and good practice, through lines to take, guidance, internal training, advice and specific projects.|