The Information Commissioner’s Office (ICO) in the UK has released a new set of guidelines aimed at ensuring companies are adequately prepared for the introduction of the General Data Protection Regulation (GDPR).
The document states that decision makers and key members of organizations should make themselves aware of the upcoming changes in the law, and keep a firmer grasp on the details surrounding the information they hold.
It also recommends that companies review privacy notices and ensure there is a plan in place that allows them to make any necessary changes to be in compliance with GDPR.
Having the right procedures in place in order to react to data breaches is also a crucial part of the ICO’s guidance, with companies now being urged to familiarize themselves with previous guidance surrounding privacy impact assessments (PIAs).
Several other areas are also outlined as being potentially crucial to successfully adapting to GDPR, but the ICO insists the new measures, which are due to come into effect midway through 2018, will contain many of the same principles and concepts as the current Data Protection Act.
As such, many companies already abiding by current legislation are likely to have a majority of bases covered.
Irish firms aren’t prepared for changes to European data protection law, according to a survey by Mazars and McCann FitzGerald.
According to the survey, many businesses have not yet addressed some of the key requirements of the GDPR. While 82% of organisations think that meeting the challenges of GDPR will be challenging to extremely challenging, only 16% of organisations have actually mobilised a project to meet those compliance requirements. 43% envisage that creating and maintaining an inventory of personal data will be the most challenging requirement to address.
Silicon Republic reports that the DPC of Ireland, Helen Dixon, has published a new guide to understanding GDPR from the perspective of individuals and businesses.
The document is the first in a series that will run up to 25 May 2018, when the GDPR comes into effect.
The DPC points out that GDPR gives data protection authorities more robust powers to tackle non-compliance, including significant administrative fining capabilities of up to €20m (or 4pc of total annual global turnover, whichever is greater) for the most serious infringements.