In early January, the Article 29 Working Party (WP29)
adopted its 2017 Action Plan (Action Plan) on the
implementation of the General Data Protection Regulation
Amongst the actions proposed, the Action Plan provides a list of
guidelines to be published throughout the year; which are set to
Certification and processing likely
to result in high risk;
Data Protection Impact
Establishment of the European Data
Protection Board (EDPB);
"One-stop-shop" and the
EDPB's consistency mechanism; and
Consent and Profiling.
Following on from the success of its
Fablab in July 2016, the WP29 has invited stakeholders to
present their views on the above topics at a second Fablab in April
2017. The WP29 will then consult non-EU counterparts on their views
on the GDPR, including its implementation, in May.
As reported in a previous
blog, the WP29 published its guidelines on data portability,
data protection officers and lead supervisory authority at the end
of 2016. Stakeholders have until 31 January to provide feedback on
these guidelines, after which the WP29 plans to update these
guidelines to take into account responses.
In the UK, the Information Commissioner's Office (ICO)
updated its Overview of the GDPR to reflect the Action
Plan. Additionally, the ICO has been assessing numerous provisions
of the GDPR, including those on risk, profiling and children's
personal data, and aims to publish its own guidance on certain
topics (e.g. consent and liability) in the first half of 2017.
Monthly updates illustrating forthcoming guidance from either the
ICO or the WP29 will be detailed in the ICO's "What's
New" section (first page of the aforementioned Overview).
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In light of the much anticipated ICO draft GDPR (the General Data Protection Regulation) Consent Guidance being published yesterday, 2 March 2017, we will be running a mini-series on the guidelines under consultation and the impact the GDPR will have on the much vexed position of consent and the impact on your business.
The first of our four discussions on the ICO guidelines for Consent will focus on the meaning of consent under the GDPR (General Data Protection Regulation) and how this change enhances the previous law on consent to data processing.
The fourth and final part of our mini-series on the draft ICO guidance on Consent, published on 2 March 2017, focuses on the practical impact the GDPR (General Data Protection Regulation) will have on how your organisation records and manages consent.
A fundamental aspect of all fair and lawful processing of personal data under the current data protection rules is the requirement for the party who is the data controller to meet one or more conditions ("the conditions for processing").
The second in our mini-series on the ICO guidance on Consent, published on 2 March 2017, focuses on how the changes to be introduced by the GDPR (General Data Protection Regulation) will impact upon your business and what you can do to pre-empt the changes before their introduction in May 2018.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).