The UK and French Data Protection authorities (the ICO and the CNIL) are consulting on their respective draft GDPR guidelines until October 10, 2017 for the UK and October 19, 2017 for France.
The CNIL consultation is on international data transfers and transparency guidelines while the the ICO consultation is about contract and liabilities between controllers and processors.
It is not the first time the Data Protection Authorities are consulting on their draft GDPR guidance. So far the following themes have been subject to a public consultation in order to draft final GDPR guidance that will be adopted by the WP29 (group of the EU Data Protection Authorities):
- Data portability
- Data Protection Officer
- Data Protection Impact Assessment
- Certification
- Consent
- Profiling
- Data Breach Notification
As of today, final GDPR guidelines have been adopted regarding Data Portability, Data Protection Officer and the One Stop Shop provision (i.e. lead supervisory authority)
The DPIA guidelines are about to be adopted by the end of the year (a draft version has already been adopted)
Guidelines regarding consent, profiling and data breach notification are under progress.
The GDPR being enforceable from May 2018, it will be difficult for organisations to be fully compliant if guidance are coming only a few months before the deadline. Let’s hope the authorities will give more time to companies for getting ready.
Here are the links to the public consultation if you wish to participate to the open consultation closing respectively on October 10 and October 19, 2017:
ICO contract and controllers/processors liabilities
CNIL transparency and international transfers
This post is also available in fr_FR.