The new General Data Protection Regulation (GDPR) will come into force on 25 May 2018. In an effort to help address the concerns of smaller organisations (e.g. those with fewer than 250 employees), the Information Commissioner’s Office (ICO) began running an advice line on 1 November. The ICO is the UK regulatory body responsible for protecting and enforcing information rights (e.g. it has responsibilities in relation to data protection and freedom of information), and it is expected to issue a guide to the GDPR around the end of the year.
Background on the GDPR
Currently, our data protection laws are governed by the Data Protection Act 1998 (which implemented the EU Data Protection Directive in UK law). The GDPR is not a Directive (which sets out goals that all EU members must achieve but allows the members certain freedom to make their own laws to reach these goals). It is instead a Regulation, meaning that the whole of the GDPR will be binding on each EU member. The UK is scheduled to leave the EU on 29 March 2019, so the GDPR (which comes into force on 25 May 2018) will apply at least whilst the UK is an EU member. Therefore, the Queen’s Speech (in June 2017) contained details relating to a new Data Protection Bill, and the Bill had its first reading in the House of Lords on 13 September 2017. Nonetheless, businesses that trade with EU citizens and businesses and deal in their personal data will likely have to comply with the GDPR regardless of what happens with Brexit.
Therefore, processors and controllers of personal data in the UK should prepare now to comply with the GDPR, and this advice line could be a helpful tool towards that. However, the advice line is no substitute for seeking legal advice on data protection that is tailored to your business. For information on how Briffa can help you on data protection issues, contact us or arrange a meeting on +44 (0)20 7288 6003.