Data Protection

Clyde & Co

Contributor

Clyde & Co is a leading, sector-focused global law firm with 415 partners, 2200 legal professionals and 3800 staff in over 50 offices and associated offices on six continents. The firm specialises in the sectors that move, build and power our connected world and the insurance that underpins it, namely: transport, infrastructure, energy, trade & commodities and insurance. With a strong focus on developed and emerging markets, the firm is one of the fastest growing law firms in the world with ambitious plans for further growth.

General Data Protection Regulation (GDPR)

Karen Bradley MP, the Secretary of State for Culture, Media and Sport, recently confirmed that the UK will be implementing the General Data Protection Regulation (GDPR), in force from May 2018.

To help businesses prepare for the new regime - which introduces reporting/notification requirements for the first time in the UK and can see businesses fined up to 4% of the company's worldwide annual turnover for breaches - the Information Commissioner's Office (ICO) and the EU Article 29 Working Party (WP29) are beginning to publish guidance on how to interpret the GDPR.

In October 2016, the ICO published a new code of practice on privacy notices, titled 'Privacy notices, transparency and control', aimed at "all organisations that collect information about people, whether directly or indirectly". It provides guidance on: gaining and recording consent; the content of a privacy notice, including how the privacy notice should be written and presented; and how to communicate privacy information to individuals. It also provides guidance on complying with Articles 12, 13 and 14 (which relate to the provision of privacy information to data subjects).

The WP29 has also published its first set of guidance (including FAQs) on the GDPR focussing on the following:

  • Data portability (the right for data subjects to receive the personal data, which they have provided to a data controller, in a structured, commonly used and machine-readable format, and to transmit that data to another data controller without hindrance)
  • Data Protection Officers (when a DPO is required)
  • The identification of the lead supervisory authority (where the controller or processor is carrying out the cross-border processing of personal data).

WP29 intends to produce guidance documents on:

  • Administrative fines
  • High risk processing and Data Protection Impact Assessments
  • Certification
  • Profiling
  • Consent
  • Transparency
  • Notification of personal data breaches
  • Tools for international transfers


The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
