ICO issues more GDPR guidance and confirms that BCRs will continue
23/11/2017
The guidance, issued on 21 November, puts together information about guidance previously issued by the ICO, and links to guidance by the EU Article 29 Working Party.
The ‘what’s new’ section will be updated monthly to highlight and link to what’s new in the ICO’s overview of the GDPR.
The guidance includes helpful tools for controllers, such as a Controller and Processor Contracts Checklist, and a Checklist for Getting ready for the GDPR. However, larger organisations with complex data protection issues may not have their questions answered by this guide.
All of the Article 29 Working Party future guidance will feed into the ICO’s overview. The WP is currently consulting on its draft guidelines on Automated individual decision-making and Profiling (until 28 November), and is expected to publish guidelines on data transfers based on Binding Corporate Rules and contractual clauses by the end of the year. The ICO has recently issued a blog on the future of Binding Corporate Rules in the UK. It says that BCRs will continue despite Brexit: ‘The ICO will carry on receiving and accepting BCR authorisation applications in the run up to, and beyond, GDPR taking effect. We encourage organisations to make contact with us if they wish to discuss their needs in advance of making an application.’
See https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
Privacy Laws & Business is running a GDPR Help! Roundtable in London next Thursday, 30 November which is a peer-to-peer discussion on GDPR compliance challenges and solutions. The roundtable is limited to 25 people. The session qualifies for 6 CPD hours. Register, and see the programme at www.privacylaws.com/help