What does this cover?

Early this month the ICO's David Smith, Deputy Commissioner and Director of Data Protection, blogged on the 5 key steps for businesses to consider in preparation for the EU's data protection regulation reforms – "On the most optimistic forecasts, the two year run in period is unlikely to start much before June 2016, with the Regulation in force in June 2018, though end of 2018 might be a more realistic prospect…Plenty of time to prepare, then, but it may still be wise for UK businesses to start thinking about what the impact might be."  We've summarised the 5 key steps below: 

  1. Consent and Control – Consider how much control customers have over the data that you hold on them i.e. Are they aware of the implications of consenting? Can they withdraw consent easily? Do they know how to do this?  
  2. Accountability – What processes are in place to ensure your business is data protection compliant? Do your customers know of these?  
  3. Staffing – You may be required to designate a Data Protection Officer. Do you have someone in place to take on this role?  
  4. Privacy by design – Do new systems and processes deliver compliance? Do you know what a privacy impact assessment is?   
  5.  Breach Management – Are breach management processes in place? If so, how ready are these to be activated in the case of a significant breach?

To view the ICO blog, please click here.

What action could be taken to manage risks that may arise from this development?

Companies should consider putting in place a programme to prepare themselves for the reforms.