What is it?
On 25 May 2018 the European General Data Protection Regulation (GDPR) will come into force across the EU. This means that the greatest shake-up of data protection laws in Europe will be applicable in the United Kingdom in a mere twelve weeks’ time. Don’t despair – there is still time left to prepare for the impact that the GDPR will have on your business or organisation. In this first of our twelve “final countdown” blog posts leading up to 25 May, we will provide some guidance on what practical steps you can take to ensure your business is GDPR compliant.
What is it?
The General Data Protection Regulation (or GDPR), which comes into effect on 25 May 2018, is an EU Regulation on the protection of natural persons with regard to the processing of personal data. But what is personal data? You would think this an easy question to answer, but perhaps not so: the European Commission has now put together a set of FAQs on the reform of EU data protection rules, in order to provide further clarity on what is considered to be personal data.
This year will be dominated by the implementation of the General Data Protection Regulation (GDPR), which comes into force on 25th May 2018 and will be the biggest overhaul in European data protection law in almost three decades. Much focus has been on how these changes give enhanced rights to data subjects and how this will impact upon businesses. Currently, the German Cartel Office (Bundeskartellamt) is conducting an investigation which considers Facebook’s collection of personal data from users to be a breach of EU competition law. This is one of a series of investigations across the EU which consider the interaction between data protection and competition law.
The GDPR is the new EU data protection law which will come into effect on 25 May 2018. This will apply in the UK despite Brexit because of the UK Data Protection Bill which is currently working its way through Parliament.
In December 2017, the Article 29 Working Party (WP29) published detailed draft guidelines on consent under the General Data Protection Regulation (GDPR). The guidance, which is currently open for consultation until 23 January 2018, provides an analysis of the concept of consent, together with guidance for organisations on the requirements to (i) obtain; (ii) demonstrate; and (iii) maintain valid consent under the GDPR. The UK ICO issued its own draft guidance on consent earlier last year.
The Information Commissioner’s Office (ICO) has recently updated its overview guide to the GDPR and has expanded on and provided additional information on two key GDPR issues, namely: (i) consent; and (ii) contracts and liabilities.
The Information Commissioner’s Office (ICO) has published draft GDPR guidance on contracts and liabilities between controllers and processors. The paper, which is currently open for consultation until 10 October, aims to provide practical guidance and explain the fundamental requirements that all contracts between controllers and processors must meet by 25 May 2018 in order to be GDPR compliant. The guidance also seeks to help organisations understand the new responsibilities and liabilities of processors.