The UK Digital Minister Matt Hancock has confirmed in a written statement that the General Data Protection Regulation (the “GDPR”) will come into force in the UK in May 2018 despite the UK’s move towards Brexit.
The confirmation follows a comment made by the Culture Secretary Karen Bradley in Parliament, where she stated that “we will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public”.
At the same time, the Information Commissioner’s Office (the “ICO“) has published its first guide explaining how to comply with both the existing Data Protection Act 1998 (the “DPA“) and the GDPR.
The updated Privacy Notices Code of Practice (the “Code“) sets out the ICO’s guidance in relation to communicating privacy information to individuals. Being transparent and providing accessible information to individuals about how their personal data will be used are key elements of both the DPA and the GDPR. The most common way to provide this information is in a privacy notice and the Code provides guidance on how to comply with the regulatory requirements, including those in the GDPR, which provides more detailed requirements for privacy notices than those currently provided for in the DPA.
The Code provides practical guidance to demonstrate that personal data is used fairly and transparently, as well as detailed guidance on the content and placement of privacy policies and notifications communicated to individuals.
To view a copy of the ICO Code of Practice on Communicating Privacy Information to Individuals, please click here.