New Data Protection Regulation: Are You Ready?


The Information Commissioner’s Office (ICO) recently published the results of its Local Government Information Survey, together with recommendations to councils on their data protection and information governance practices in preparation for the implementation of the General Data Protection Regulation (GDPR) in May 2018.

The ICO’s key findings from the councils it surveyed were that one-quarter do not yet have a data protection officer, whilst one-third do not conduct privacy impact assessments. Both will be requirements of the forthcoming GDPR. The ICO’s overall conclusion is that whilst councils can and do demonstrate good practice, many “have work to do”.

In response, the ICO published a blog on the key areas councils will need to consider in order to prepare for the GDPR. These include:

  • Adoption of a privacy-by-design approach, incorporating data sharing policies and data protection impact assessments;
  • Appointment of the right staff, including a data protection officer and an “Information Asset Owner”; and
  • Provision of annual refresher training to all staff and data protection training to temporary staff.

The ICO has stated that adhering to good practice measures under the Data Protection Act 1998 will stand organisations in good stead for the GDPR.

Although this survey was aimed solely at local government, there is a very real risk that these statistics are, in reality, indicative of a general lack of readiness for the GDPR.

The helpful points set out above apply as much to commercial entities as to local government, and we strongly recommend our clients start thinking about the implications of the GDPR at this stage. We are in the process of helping clients get ready and, in some cases, this will take a good 6 months: assessing what data you hold and how it is dealt with, ensuring policies and procedures are up to date, looking at changes that will have to be made to them, and ensuring staff are trained appropriately.

If you need any help in your GDPR preparation, please contact us.

Tidman Legal is a firm of specialist business and intellectual property lawyers based in Edinburgh.