On May 24, 2016, the UK Information Commissioner’s Office (“ICO”) published priorities for preparing for the EU General Data Protection Regulation (“GDPR”).
The ICO’s priorities for issuing guidance to assist organizations with GDPR preparation are split into three phases.
Phase 1 – Familiarization and Key Building Blocks
This phase focuses on issuing guidance to help organizations understand the key differences between the EU Data Protection Directive and the GDPR. This builds on the Preparing for the GDPR – 12 Steps to Take Now document the ICO previously published. The ICO will produce its own guidance and provide input at the European level which will go towards the Article 29 Working Party guidance.
Phase 2 – Guidance Structure and Mapping, Process Review and Associated Tools
The ICO will develop a structure for its GDPR guidance and decide how to prioritize the work to refresh or create new guidance.
Phase 3 – Bulk Guidance Refresh/Production and Review
The ICO will draft, update and finalize its guidance, including linking to relevant European level guidance where appropriate.