The Article 29 Working Party (“WP29”) has issued guidelines and FAQs on some of the key new requirements and principles under the General Data Protection Regulation (“GDPR”), namely regarding:
- Data Protection Officers
- the new right of data portability; and
- identifying an organisation's main establishment/ lead supervisory authority.
The guidance is helpful in clarifying some of the terms used and explaining how these requirements will apply to data controllers and data processors in practice.
Guidance is also expected on the following early next year:
- ICO guidance on consent and profiling.
- WP29 guidance on the concept of risk and conducting a Data Protection Impact Assessment; and
- WP29 guidance on certification.
The guidance will be published on the ICO’s website and updates will be flagged on twitter and in the ICO’s e-newsletter. For more information about the GDPR, please see our briefing note.