This year will be dominated by the implementation of the General Data Protection Regulation (GDPR), which comes into force on 25th May 2018 and will be the biggest overhaul in European data protection law in almost three decades. Much focus has been on how these changes give enhanced rights to data subjects and how this will impact upon businesses. Currently, the German Cartel Office (Bundeskartellamt) is conducting an investigation which considers Facebook’s collection of personal data from users to be a breach of EU competition law. This is one of a series of investigations across the EU which consider the interaction between data protection and competition law.
The GDPR is the new EU data protection law which will come into effect on 25 May 2018. This will apply in the UK despite Brexit because of the UK Data Protection Bill which is currently working its way through Parliament.
In December 2017, the Article 29 Working Party (WP29) published detailed draft guidelines on consent under the General Data Protection Regulation (GDPR). The guidance, which is currently open for consultation until 23 January 2018, provides an analysis of the concept of consent, together with guidance for organisations on the requirements to (i) obtain; (ii) demonstrate; and (iii) maintain valid consent under the GDPR. The UK ICO issued its own draft guidance on consent earlier last year.
The Information Commissioner’s Office (ICO) has recently updated their overview guide to the GDPR as well as expanding on and providing additional information on two key GDPR issues, namely: (i) consent; and (ii) contracts and liabilities.
The Information Commissioner’s Office (ICO) has published draft GDPR guidance on contracts and liabilities between controllers and processors. The paper, which is currently open for consultation until 10 October, aims to provide practical guidance and explain the fundamental requirements that all contracts between controllers and processors must meet by 25 May 2018 in order to be GDPR compliant. The guidance also seeks to help organisations understand the new responsibilities and liabilities of processors.
The General Data Protection Regulation will come into force throughout the EU, including the UK (despite Brexit), on 25th May 2018. The UK Government is busily preparing for its implementation. GDPR will bring about the greatest change to data protection law in thirty years. Below we have highlighted some of the main considerations for energy and natural resource companies and provided some guidance to aid GDPR compliance. There are only eight months until the GDPR takes effect and organisations should be acting now!
Once upon a time we had the Data Protection Act… then we had the General Data Protection Regulation (GDPR)… then we had Brexit… and now we have the UK Data Protection Bill!
Now that the GDPR is in final form and set for implementation on 25 May 2018, the ICO has issued updated guidance on the 12 steps to GDPR compliance. This update reviews the ICO’s updated guidance, highlights any changes and reminds you of the steps your business should be taking now to ensure compliance before 25 May 2018.