New Guidance for the EU General Data Protection Regulation (GDPR)
In January, the ICO revealed a new swathe of guidance for the EU General Data Protection Regulation.
The first set of guidance – published in October – covered privacy notices, transparency and control which came with a warning that it is no longer enough just to place a privacy notice on a website, they have to be constantly reviewed and tweaked.
The new set has been provided by the EU Article 29 Working Party which is made up of the data chiefs of all EU states – and is now on the ICO Website. It covers data portability, lead supervisory authorities and companies will be expected to appoint data protection officers.
Article 29 is also planning guidance on consent, transparency, profiling, high-risk processing, certification, administrative fines, breach notification and data transfers.
Meanwhile the ICO says it will also be issuing its own advice on contracts & liability, and consent in the coming months.