The Information Commissioner’s Office (ICO) today announced an open consultation on certain draft guidance relating to elements of the General Data Protection Regulation (GDPR).
What the draft GDPR guidance means for data controllers
The main area of the ICO’s consultation is contracts and liabilities between data controllers and processors. Principle 7 of the current Data Protection Act already sets a requirement relating to security measures. In the draft guidance on the GDPR, however, the regulation requires much more detail when it comes to contracts. When writing contracts, organisations will be required to aim to set high standards and to protect the interests of their data subjects.
These contracts relate directly to the data processors that are employed to handle your data, and also apply when those processors employ another processor to work on their behalf.
What GDPR means for data processors
A data processor is generally considered to be a third party that processes personal data for another organisation. The responsibilities and liabilities of the data processor are given new consideration in the GDPR, relating to the payment of damages and fines in the event of a breach.
You have until 10 October to submit your views in the ICO’s open consultation, which will be published in late 2017. So what do you think about the proposed guidance? Do you see it affecting you and your organisation?