The Article 29 Working Party – the group of EU data protection authorities charged with agreeing European-wide guidance on GDPR – has published guidelines on profiling and breach reporting. Guidelines on administrative fines that were adopted earlier this month, will be published soon too.
Consistency across the EU is one of the fundamental drivers of the GDPR and, as the UK member of Article 29 (WP29), we’re either leading or assisting in the development of guidance on some of the main aspects of the law.
For example, the feedback we received from stakeholders on our discussion paper on profiling and automated decision-making, helped us in leading the important discussions that resulted in the final European guidelines.
Similarly, consultation responses to our draft guidance on consent are informing our discussions in Europe too. Once WP29 publishes its guidelines – expected by the end of this year – we can continue refining our own, UK-specific guidance on this.
We’re also playing a central role in drafting Europe-wide guidelines on transparency.
In addition to our work at European level we are continuing to work on the wider suite of ICO guidance, prioritising areas that are not on the WP29 workplan but where we have identified a particular need and we think we can add value for our UK audience.
For example, in response to feedback on our draft consent guidance, we’ve committed to produce guidance on the other lawful bases for processing, including legitimate interests.
We have published draft guidance on contracts between data controllers and processors, and we are currently analysing the feedback we received in order to produce the final version. We will also issue guidance on accountability and documentation, and on children’s data, for consultation.