Get ready for the new data protection regime – the ICO’s 12-step checklist

7 June, 2016
by: Cripps Pemberton Greenish

Current data protection laws are due to be reformed by the General Data Protection Regulation (GDPR), which is expected to come into force in mid-2018. Many UK organisations will be required to alter their existing practices to ensure compliance with the new provisions.

The Information Commissioner’s Office (ICO) has published guidance on preparing for the GDPR in the form of a 12-step checklist, which highlights the aspects of the GDPR that are likely to have the greatest impact.

Organisations are encouraged to begin preparing for the coming changes now as, depending on the size or complexity of the business, they could have significant budget, IT, governance and communication implications. The ICO advises that compliance will be difficult if left to the last moment.

Changes of note include:

  • Privacy notices will need to contain additional information.
  • Individuals will have a new right to “data portability” (to receive data electronically and in a commonly used format).
  • Businesses will have to comply with subject access requests within a month rather than the current 40 days.
  • Children will receive special protection: parent or guardian consent will be required to process the child’s data.
  • A duty to notify the ICO of a personal data breach will be extended to cover every organisation. Failure to report a breach when required could result in a fine, as well as a fine for the breach itself.

The guidance can be accessed via the following link:

For more information please contact Kathryn Rogers.