As we reported previously, the General Data Protection Regulation (GDPR) has now been formally adopted by the European Parliament and the countdown to 25 May 2018, when it will come into force, has begun.

In light of this, the ICO has released an update setting out the approach it proposes to take in producing guidance in the run up to that date. This falls into three priority areas; ICO guidance, European level guidance and policy outputs and the ICO aims to implement this plan over the following three phases:

  • Phase 1 – in the next six months, the ICO will focus on producing guidance aimed at assisting organisations in identifying the key differences in the new regime and the steps that they will need to take to prepare.
  • Phase 2 – overlapping with phase 1, the ICO will consider how to map its existing guidance to the new GDPR structure. It will also look to produce more practical guidance tools, focused particularly on assisting SMEs with GDPR compliance.
  • Phase 3 – prior to May 2018, the ICO will finalise guidance and any practical tools it develops. It also plans to signpost relevant European level guidance or to translate such work into its own ICO guidance. The ICO has already commenced its work on Phase 1, publishing its '12 steps to take now' and, even at this stage, organisations should be starting to consider the actions they should be taking to prepare.  

For further guidance on preparing for the GDPR, please take a look at our previous briefing: Seeing the wood for the trees.