Following the enforcement of the GDPR on the 25 May, the ICO have usefully included a "What's new" section within their Guide to the General Data Protection Regulation accessible on their website. This section helpfully lists any guidance and updates the ICO have published each month.

In the final lead up to the GDPR coming into force, the ICO has published new, or updated, detailed guidance on various core concepts of the GDPR:

  • Children and the GDPR;
  • Determining what is personal data;
  • Automated decision-making and profiling;
  • The right to be informed;
  • Data Protection Impact Assessments (DPIAs);
  • Consent; and
  • Data protection by design and default.

The ICO's GDPR Guide now also includes pages on Codes of Conduct and Certification in addition to expanding the pages on right of access and right to object, and on the right to data portability.

We can also expect more input and guidance from the successor to the Article 29 Working Party. The European Data Protection Supervisor (EDPS), the EU body in charge of the application of the GDPR, is also at the centre of the new data protection landscape. It is in charge of ensuring the GDPR is consistently applied throughout the EU and has extensive powers to determine disputes involving national supervisory authorities, as well as issuing guidance. More information about the EDPB including its newsletters and updates on recent data protection developments is available here.

During its first plenary meeting, the EDPB adopted a draft version of the Guidelines on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679 for consultation. A public consultation is due to start for 6 weeks on 30 May and the public are invited to contribute by submitting their comments to EDPB@edpb.europa.eu by the 12 July 2018.