The General Data Protection Regulation (GDPR) comes into force on 25 May 2018. The GDPR replaces the 1995 EU directive (Directive 95/46/EC) which was the basis for the UK’s Data Protection Act of 1998. Although the UK will be leaving the EU following the result of the Referendum on 23 June 2016, the Government has confirmed that the UK will be implementing the GDPR. Karen Bradley, the Secretary of State noted in evidence to the Culture, Media and Sport Committee, that
We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later
at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public.
The Information Commissioners Office has already set up a website for data protection reform where they will be posting information about GDPR. UCISA will be producing a briefing paper on GDPR in due course; this page will act as a signpost to resources and activities from UCISA and beyond that will inform and support our members in their implementation of the Regulation. The Corporate Information Systems Group ran a webinar to look at some of the issues. In addition Craig Clark has written a blog post identifying the opportunities GDPR offers.
One of the key issues within the GDPR is consent. The Information Commissioner's Office has published guidance on this area and is currently consulting on that guidance. Jo Peddar's blog gives background details on the guidance; the guidance itself and the consultation document are available on the ICO website. The consultation closes on 31 March; UCISA will be submitting a response.
Overview of the GDPR (Information Commissioners Office)
Preparing for the GDPR – 12 steps to take now (Information Commissioners Office)
How the ICO will be supporting the implementation of the GDPR (Blog post by Elizabeth Denham, Information Commissioner)
EU-GDPR: Using the fear stick is a missed opportunity (Blog post by Craig Clark, Information Security and Compliance Manager at the University of East London)
GDPR - Twelve steps, sorted (Blog post by Andrew Cormack, Chief regulatory adviser, Jisc technologies)
GDPR: moving to Information Lifecycle registers? (Blog post by Andrew Cormack, Chief regulatory adviser, Jisc technologies)
07 March 2017