Happy New Year! With 2018 off to a rapid start, companies now have fewer than five months to become GDPR-compliant.

Although the basic principles and obligations enshrined in the GDPR are not new, the GDPR contains a complex, interlinked series of requirements whose practical application to real world situations is often very unclear. The Article 29 Working Party, a body consisting of EU national data protection authorities, has issued several important opinions and guidelines intended to help data controllers and processors interpret the new rules. These guidelines, while not legally binding, are influential and are likely to be given considerable weight by reviewing courts.

We have provided the links to the most important publications below for ease of reference:

In the UK, which will apply the GDPR prior to and for some time after Brexit, there is currently a draft Data Protection Bill making its way through British Parliament. If adopted in its current form, the Bill will serve to implement the GDPR, including various derogations. For UK based companies, it may also be helpful to consider the following guidelines published by the UK Information Commissioner’s Office (ICO):

National data protection authorities in other countries may also publish helpful GDPR related checklists or country-specific guidance. The Data Privacy & Cybersecurity team at Squire Patton Boggs has substantial experience counselling clients on how to prepare for and comply with the GDPR in the most practical ways.

If your company has been putting off the inevitable, we can help you identify the highest regulatory risks in order to prioritise the GDPR action steps that can and should be achieved by the end of May 2018.