On 26 May 2016 the ICO issued “Guidance: what to expect and when” which sets out its priorities for preparing for the GDPR. There will be three ‘phases’:
- ICO guidance
- European level guidance (in the form of Article 29 Working Party guidelines)
- Policy outputs (to inform future ICO and European guidance)
PHASE 1 – FAMILIARISATION AND KEY BUILDING BLOCKS
In this phase the ICO will focus on producing guidance to assist organisations to get to grips with the key differences in the new legislation and to implement their preparation. (This builds on the ‘12 steps’ document we have already published on the DP reform website).
PHASE 2 – GUIDANCE STRUCTURE AND MAPPING, PROCESS REVIEW AND INITIAL DEVELOPMENT OF ASSOCIATED TOOLS
The ICO will develop a structure for its GDPR guidance and decide how to prioritize the work to refresh or create new guidance. This will cover content for organisations and the public. The ICO says it will “also seek to develop more practical tools and resources to assist stakeholders with their compliance, particularly those in the small to medium sized enterprises (SME) bracket”.
PHASE 3 – BULK GUIDANCE REFRESH/PRODUCTION AND REVIEW
During this phase the ICO will write and finalise the guidance and will also complete the development of any practical tools we have decided to pursue.
This article is intended for informational purposes only and should not be relied upon as legal advice.