We will update this page monthly to highlight and link to what’s new in our Guide to the UK GDPR.
We have published new guidance on the national security exemption in Part 2 of the DPA18
We have published an Updated BCR communication following the EU-UK Trade and Co-operation Agreement to the International transfers after the UK exit from the EU Implementation Period.
We have updated our guidance on Personal data breaches.
We have published the Accountability Framework, which provides detailed guidance on complying with the accountability principle.
We have updated the page in the lawful basis section on contract.
The European Data Protection Board (EDPB) has published Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects for consultation. Comments should be sent to EDPB@edpb.europa.eu.
We have published detailed guidance on encryption.
We have expanded our guidance on Exemptions.
We have expanded our guidance on International transfers.
The European Data Protection Board (EDPB) has published draft guidelines on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679 for consultation. The consultation will end on 12 July.
We have published detailed guidance on children and the GDPR.
We have published detailed guidance on determining what is personal data.
We have published detailed guidance on the right to be informed.
We have published detailed guidance on Data Protection Impact Assessments (DPIAs).
We have published detailed guidance on consent.
We have expanded the page on the right to data portability.
We have expanded the page on Accountability and governance.
We have expanded the page on Security.
We have updated all of the lawful basis pages to include a link to the lawful basis interactive guidance tool.
We have published detailed guidance on DPIAs for consultation. The consultation will end on 13 April 2018. We have also updated the guide page on DPIAs to include the guide level content from the detailed guidance.
We have published detailed guidance on legitimate interests.
We have expanded the pages on:
- Data protection impact assessments
- Data protection officers
- The right to be informed
- The right to erasure
- The right to rectification
- The right to restrict processing
The consultation period for the Article 29 Working party guidelines on consent has now ended and comments are being reviewed. The latest timetable is for the guidelines to be finalised for adoption on 10-11 April.
The consultation period for the Article 29 Working Party guidelines on transparency has now ended.
Following the consultation period, the Article 29 Working Party has adopted final guidelines on automated individual decision-making and Profiling and personal data breach notification. These have been added to the Guide.
We have published our Guide to the data protection fee.
We have published more detailed guidance on documentation.
We have expanded the page on personal data breaches.
We have published detailed guidance on Children and the GDPR for public consultation. The consultation closes on 28 February 2018.
The sections on Lawful basis for processing and Rights related to automated individual decision making including profiling contain new expanded guidance. We have updated the section on Documentation with additional guidance and documentation templates. We have also added new sections on legitimate interests, special category data and criminal offence data, and updated the section on consent.
The Article 29 Working Party has published the following guidance, which is now included in the Guide.
It is inviting comments on these guidelines until 23 January 2018.
The consultation for the Article 29 Working Party guidelines on breach notification and automated decision-making and profiling ended on 28 November. We are reviewing the comments received together with other members of the Article 29 Working Party and expect the guidelines to be finalised in early 2018.
The Article 29 Working Party has published guidelines on imposing administrative fines.
We have replaced the Overview of the GDPR with the Guide to the GDPR. The Guide currently contains similar content to the Overview, but we have expanded the sections on Consent and Contracts and Liabilities on the basis of the guidance on these topics which we have previously published for consultation.
The Guide to the GDPR is not yet a finished product; it is a framework on which we will build upcoming GDPR guidance and it reflects how future GDPR guidance will be presented. We will be publishing more detailed guidance on some topics and we will link to these from the Guide. We will do the same for guidelines from the Article 29 Working Party.
The Article 29 Working Party has published the following guidance, which is now included in our overview.
The Article 29 Working Party has also adopted guidelines on administrative fines and these are expected to be published soon.
In the Rights related to automated decision making and profiling we have updated the next steps for the ICO.
In the Key areas to consider we have updated the next steps in regard to the ICO’s consent guidance.
The deadline for responses to our draft GDPR guidance on contracts and liabilities for controllers and processors has now passed. We are analysing the feedback and this will feed into the final version.
We have put out for consultation our draft GDPR guidance on contracts and liabilities for controllers and processors.
In the Key areas to consider we have updated the next steps in regard to the ICO’s consent guidance and the Article 29 Working Party’s Europe-wide consent guidelines.
The Article 29 Working Party’s consultation on their guidelines on high risk processing and data protection impact assessments closed on 23 May. We await the adoption of the final version.
We have updated our GDPR 12 steps to take now document.
We have added a Getting ready for GDPR checklist to our self-assessment toolkit.
We have published our profiling discussion paper for feedback.
We have published our draft consent guidance for public consultation.
Article 29 have published the following guidance, which is now included in our overview: