Alert

Recommended Alerts

Sign Up For Alerts

ICO Draft Statutory Guidance on Regulatory Action

The Information Commissioner’s Office (ICO) has published for consultation its draft “Statutory guidance on our regulatory action” detailing how it will exercise its regulatory functions when issuing information notices, assessment notices, enforcement notices and penalty notices. The document sets out the ICO’s risk-based approach to taking regulatory action against organisations and individuals that have breached data protection law. The ICO’s focus is on the areas of highest risk and most harm. The guidance sets out the principles the ICO will apply along with details of the nature of the ICO’s various statutory powers and how it will exercise them in a “fair, proportionate and timely” manner to guarantee that individuals’ rights are properly protected. It also sets out how the ICO will deal with privileged communications. The consultation closes on 12 November 2020.

Read More

An Update on Brexit and the Implications for General Data Protection Regulation (GDPR)


Time to Read: 1 minutes Practices: Data, Privacy & Cybersecurity, Privacy & Cybersecurity Compliance and Counseling, Incident Response and Preparedness, Regulatory Enforcement & Civil Litigation

Printer-Friendly Version

Following the “Leave” result of the United Kingdom’s referendum on its membership in the European Union, there has been uncertainty regarding the implementation of the General Data Protection Regulation (GDPR) due to come into effect on 25 May 2018. Our report on the GDPR explains the key changes to Data Protection Law.

On 24 October 2016, the Secretary of State for Culture, Media and Sport, Karen Bradley MP, confirmed that the UK will still be in the EU in 2018 and will be opting-in to the GDPR. As a result, businesses collecting or using personal data while providing goods or services in the EU of EU data subjects will be subject to the new regulations.

The UK’s data protection authority, The Information Commissioner’s Office, supports this stance taken by the government and has confirmed it will issue a statement in the next month setting out a timeline for publishing its guidance on the GDPR in the upcoming months.

Both the ICO and UK government have reiterated the necessity of complying with the GDPR. In light of the increased scope of fines for non-compliance with the GDPR, it is imperative that businesses assess the steps they need to take to ensure compliance by May 2018.

For more information regarding the GDPR and its potential impact, please contact Ropes & Gray’s leading privacy & data security team.

Printer-Friendly Version

Cookie Settings