The Information Commissioner’s Office (ICO) has reported on its involvement with a so-called “Fab-Lab” on the General Data Protection Regulation (GDPR) organised by the Article 29 Working Party (WP29). The Fab-Lab was designed to gather the views of stakeholders to help shape the guidance, which the WP29 and national data protection authorities, such as the ICO, provide on the GDPR. The ICO is lead rapporteur for the WP29’s guidance on profiling and data breaches. In relation to profiling, the ICO stressed the need for the guidance to “take into account the varied situations of businesses in different sectors”. In relation to data breaches, the ICO highlighted stakeholders’ confusion around when organisations are required to report data breaches, what information should be included in a report and the process after a breach is reported as key issues, which the guidance will seek to clarify