ICO outlines its GDPR guidance priorities

Several EU flags hoisted outside a building

The Information Commissioner's Office (ICO) has revealed the steps it will take to roll out the EU General Data Protection Regulation (GDPR) in the UK.

Although the UK is set to leave the EU in the future, UK organisations will still need to adhere to the GDPR guidelines from 25 May 2018, or risk being heavily fined for failing to protect their customers' data.

The ICO sai it's just transitioning into phase 2 of its plan to help businesses prepare for the GDPR and will be working with the Article 29 Working Party (WP29) to provide the resources organisations need to ensure their policies are in line with legislation.

It plans to develop an overview of the GDPR as an evolving document that's constantly updated with the latest information about GDPR. Following the latest guidelines published by the WP29, it has made these available to organisations as part of its Overview of the GDPR.

In the future, the ICO plans to develop the document created by the WP29 into its own Guide to the GDPR, which will be the core document for any business. It will not only include the information provided by the WP29, but also additional resources it thinks will be essential for organisations.

"Where we decide it is appropriate to go ahead and develop ICO guidance on issues not currently being considered by the WP29 we will incorporate it into the Overview," the ICO said.

"This guidance may take some content from existing DPA guidance, where it is still relevant. In the event that the WP29 decide to consider a topic we have already worked on we will be in a position to provide input based on the products we have already developed, whether that is guidance or background policy thinking as mentioned below."

"The ICO remains committed to helping organisations to improve their practices and prepare for the GDPR," Jo Pedder, interim head of policy delivery at the ICO, wrote in a blog post announcing the release.

"Consistency across the EU is one of the key drivers of the GDPR, and the Article 29 Working Party the body that currently brings together the DP authorities across Europe is leading the way developing guidelines on some of the key aspects of the law," she added.

Clare Hopping
Freelance writer

Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.

Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.

As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.