General Data Protection Regulation News
By David Menzies, Director of Practice
4 May 2018
This page will be updated with new resources or latest news on GDPR as they become available. Please keep visiting for updates.
No results were found
6 December 2018 - GDPR: Implications for auditors
6 December 2018 – Accountancy Europe has published a paper GDPR: Implications for auditors. The publication aims to clarify whether auditors are data controllers or data processors under GDPR.
23 May 2018: Data Protection Act 2018
The Data Protection Bill has now been approved by Parliament and has received Royal Assent. The Data Protection Act 2018 becomes effective on 25 May 2018 and complements GDPR implementation in the UK. Information on the Data Protection Act 2018 is available from the ICO website.
18 May 2018: ICAS provides practical guidance for IPs
ICAS has issued practical guidance for Insolvency Practitioners on how GDPR will affect insolvency appointments.
9 May 2018: Changes to data protection fees
The Data Protection (Charges and Information) Regulations 2018 (the Regulations) will come into effect on 25 May 2018 and, together with other legislative changes, will amend the requirement for data controllers to be registered with the Information Commissioners Office (ICO). Although there will no longer be a requirement for Data Controllers to be registered with the ICO, there will remain a requirement for data controllers to pay an annual fee to the ICO, unless all of the data processing carried out is exempt processing.
The Regulations set the fee payable as follows:
| Tier Criteria | Fee Payable | |
|---|---|---|
| Tier 1 (Micro Organisations) | i.turnover of less than or equal to £632,000 for the data controller’s financial year, ii.staff of the data controller is less than or equal to 10, iii.a charity, or iv.small occupational pension scheme | £40* |
| Tier 2 (Small and medium organisations) | is not in tier 1 and - i.has a turnover of less than or equal to £36 million for the data controller’s financial year, or ii.the number of members of staff of the data controller is less than or equal to 250 | £60* |
| Tier 3 (Large organisations) | is not tier 1 or tier 2 | £2900* |
*The fee is reduced where the data controller makes payment by direct debit
Existing data controllers will only be liable for the new fee when their existing data controller registration expires.
Further information is available on the ICO website and their Guide to the data protection fee.
3 May 2018: ICAS issues example data processing register
A number of queries have been received on how the data processing register template provided in support of the ICAS GDPR Guide should be completed. To provide some guidance an example case study and supporting data processing register has been produced.
3 May 2018: Interactive tool for lawful basis
The Information Commissioners Office have updated their interactive tool for guidance to assess the lawful basis of processing to include indicative ratings based on your answers. The interactive tool can be accessed here.
3 May 2018: WP29 guidance on consent
The EU Article 29 Working party have issued updated guidance on consent. The guidance includes helpful examples to demonstrate how GDPR provisions on consent should be interpreted and implemented.
3 May 2018: WP29 guidance on transparency
The EU Article 29 Working party have issued guidance on transparency. The guidance includes helpful examples to demonstrate how GDPR provisions on transparency should be interpreted and implemented.