It's the final countdown! With less than 60 days to go until the EU General Data Protection Regulation (GDPR) comes into force, this month's newsletter focusses on last minute preparations to ensure compliance.

Regulators across the EU are getting ready for the GDPR. In the UK, the ICO is regularly updating its GDPR guidance pages and, for those organisations that need a kick-start, has produced helpful checklists for both data processors and controllers to get ready.

In Spain, the Spanish Data Protection Agency (by its Spanish acronym AEPD) has been busy publishing guidance and setting up certification schemes. For more information, click here

Across the EU, the Article 29 Working Party has also issued guidance designed to clarify new rights and obligations under the GDPR. Guidance on notification of data breaches has been finalised. One important change from WP29's original draft is that it is now clear that where a breach is discovered by a data processor, the 72 hour time limit for a data controller to notify the breach to the supervisory authority will only begin once the data processor notifies the controller of the breach (which should be done without undue delay).