The General Data Protection Regulation ("GDPR") is set to reform data protection law across the EU. The wording of the GDPR was finalised last spring when it was confirmed that it will come into force on 25 May 2018.
June's referendum threw a small spanner in the works, following which it was not entirely clear to what extent the GDPR would be implemented in the UK. To clear up the uncertainty, the government has now confirmed that the GDPR will automatically become law in the UK on 25 May 2018 after all. Even though it was expected that this would be the case, it is still helpful to have the confirmation.
Unfortunately, even though we know what the GDPR says, there is a lot of uncertainty how it should be applied in practice. Fortunately, the Information Commissioner, Elizabeth Denham, has now confirmed that the ICO will soon be providing a timetable which will tell us when it will be publishing its guidance notes to help guide organisations through the practical application of the GDPR.
We still do not know what will happen to data protection law in the UK following our exit from the EU (date to be confirmed) but the Information Commissioner has made it clear that this should not distract organisations from "the important task of compliance with GDPR by 2018."
Starting in November, we will be providing monthly updates which will focus on different elements of the GDPR and provide practical advice on complying with the new obligations. If you would like to subscribe to the monthly updates, please contact us on email@example.com