Regulatory & Governmental Data Protection Guidance and Consultation Update
By way of brief update, a number of data protection guidance and consultation documents have been recently issued in connection with the EU General Data Protection Regulation (GDPR) as follows:
- The EU’s WP29 has issued the finalised versions of guidance as regards: The Lead Supervisory Authority; Data Portability; and, Data Protection Officers, which can all be found here. The finalised guidance contains some important changes to the previous draft versions;
- The EU’s WP29 has also issued guidance about Data Protection Impact Assessments and determining whether processing is likely to result in a high risk to the rights and freedoms of individuals, which can be found here. Comments about the guidance can be sent to the WP29 by 23 May 2017;
- The UK’s ICO has issued a consultation document about Profiling (and Automated Decision-Making), as set out under the GDPR, which can be found here. The ICO will submit its views on Profiling to the WP29 to feed into eventual guidance to be adopted in this area by WP29. Feedback about the consultation can be submitted to the ICO by 28 April;
- The UK’s ICO also has an ongoing consultation about consent which it hopes to finalise by June 2017 (the deadline for the submission of comments to the ICO has expired) – the consultation document can be found here; and,
- The UK government has issued a consultation document calling for views to be submitted to it as regards derogations that can be adopted under the GDPR, which can be found here. The GDPR will apply in the UK post-Brexit and the UK government plans to introduce legislation this year to ensure that there are no inconsistencies with the GDPR. The GDPR allows scope for derogations and so the UK government wants to hear from organisations what their views are about these derogations, and although the UK government has grouped these derogations into fourteen themed areas in the consultation document it has not set out its views on these derogations as such.
There is more information about this and other data protection topics in Cordery’s GDPR Navigator subscription service. GDPR Navigator includes short films, straightforward guidance, checklists and regular conference calls to help you comply. More details are here.
For more information please contact Jonathan Armstrong or André Bywater who are lawyers with Cordery in London where their focus is on compliance issues.
|Jonathan Armstrong, Cordery, Lexis House, 30 Farringdon Street, London, EC4A 4HH
|André Bywater, Cordery, Lexis House, 30 Farringdon Street, London, EC4A 4HH
|Office: +44 (0)207 075 1784
|Office: +44 (0)207 075 1785