The ICO has recently published a summary of its proposed schedule of activities associated with the roll-out of the new GDPR (General Data Protection Regulation).
There are three key phases:
1. Phase 1 - Familiarisation: ICO will develop its 12 step high level guidance note (already published) which identifies what businesses should be doing now within the current transition phase to get 'fit' for the GDPR. This will include producing further summaries and guidance in the next six months (chiefly on Individual's rights; consent and privacy notices).
2. Phase 2 -Guidance structure: The ICO will map the GDPR's new requirements over existing ICO guidance to develop new guidance on the changes required under the GDPR and develop tools to assist organisations (including SME and small business specific considerations) and individuals make sense of the GDPR changes.
3. Phase 3 - Bulk guidance refresh: The ICO will finalise the guidance wherever possible adapting existing ICO guidance and tools.
We will of course keep you updated on developments as the phased roll-out progresses and what this means for businesses.
Of particular interest will be the new requirements on data processors; the developments to the 'consent' requirements, international transfers and the role of the DPO within an organisation. These all have the potential to significantly change the current data protection landscape and impact the way in which businesses utilise data.
Data Protection Reform Guidance: what to expect and when