Thoroughly knowledgeable,
very pragmatic and

Chambers Guide


Keep up to date with our latest insight pieces, news and industry developments. See below for the latest posts or use the categories to hone your search for stories of interest.

Rather listen? The WABChats Podcast provides engaging and informative conversations with contacts, clients, advisors and friends of White & Black Limited. Listen Now.

ICO updates roadmap for further GDPR guidance

The UK’s data protection authority, the Information Commissioner’s Office (ICO) has announced what guidance organisations can expect to receive on the General Data Protection Regulation (GDPR) throughout 2017.

The ICO participated in the recent Article 29 Working Party (WP29) guidelines on data protection officers, data portability and lead supervisory authorities discussed above. The ICO will continue to contribute to the further guidance documents that WP29 intend to publish this year on the following topics:

  • Administrative fines
  • High risk processing and Data Protection Impact Assessments
  • Certification
  • Profiling
  • Consent
  • Transparency
  • Notification of personal data breaches
  • Tools for international transfers

The ICO’s main guidance for the GDPR is currently contained in the Overview to the GDPR document which is a living document that will be continually updated and added to as GDPR developments unfold.

The ICO will be looking at the topics of contracts and liability, consent, profiling, risk and children’s personal data and will be publishing guidance and discussion papers as appropriate during 2017.

WAB Comment

Further guidance will be welcomed by organisations impacted by the GDPR as it is not yet clear to what extent some of the more complex areas of compliance with the GDPR will apply in practice.

Accountability is a new principle under the GDPR and the Information Commissioner, Elizabeth Denham, recently spoke about the importance of compliance and governance in small businesses stating that small businesses “tend to be less well prepared” when complying with data protection law. Practical guidance with useful examples will help businesses of all sizes to fully prepare themselves for the incoming GDPR in May 2018.

You can read our previous blog posts on GDPR here.

This blog post was written by Amelia Day, trainee solicitor at White & Black.

Disclaimer: This article is produced for and on behalf of White & Black Limited, which is a limited liability company registered in England and Wales with registered number 06436665. It is authorised and regulated by the Solicitors Regulation Authority. The contents of this article should be viewed as opinion and general guidance, and should not be treated as legal advice.

This site uses cookies to improve your user experience. By using this site you agree to these cookies being set. To find out more see our cookies policy