By Steve Wood, Interim Deputy Commissioner.
It’s just a few weeks since we set out what guidance organisations could expect and when around a General Data Protection Regulation (GDPR) that was on track to come into force in the UK on 25 May 2018.
The result of the 23 June 2016 referendum on membership of the EU now means that the Government needs to consider the impact on the GDPR.
As Baroness Neville-Rolfe said at the Privacy, Laws and Business conference this week, the future will be more uncertain. But she was right to add that while the detailed future may be different from what was envisaged 10 days ago, the underlying reality on which policy is based has not changed all that much.
We’ve been working hard on producing a set of guidance on GDPR, with an overview of the law being the first substantive part of that. We still think it will be useful to publish this overview. This is because once implemented in the EU, the GDPR will be relevant for many organisations in the UK – most obviously those operating internationally. The other main reason is that the GDPR has several new features – for example breach notification and data portability. Therefore, we thought it would still be useful to familiarise information rights professionals with the GDPR’s main principles and concepts.
Similarly the plan of what guidance to expect and when remains useful. The timings might not be so rigid, but the explanations of what areas we’ll be prioritising remain relevant.
With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations, and to consumers and citizens. The ICO’s role has always involved working closely with regulators in other countries, and that will continue to be the case. Having clear laws with safeguards in place is more important than ever given the growing digital economy, and we will be speaking to government to explain our view that reform of UK data protection law remains necessary.
|Steve Wood is Interim Deputy Commissioner and responsible for the ICO’s policy position on the proper application of information rights law and good practice, through lines to take, guidance, internal training, advice and specific projects.|