May the fourth be with you GDPR - finally approved and in force from 25 May 2016!

The European Parliament formally adopted the General Data Protection Regulation ("GDPR") and it was then published in the EU Official Journal on 4th May 2016. Star Wars fans and data protection geeks alike were no doubt cheering 'May the fourth be with you' all day yesterday.  From today, 5th May 2016, the 20 day countdown period commenced and the GDPR will come into force on 25 May 2016. After the 2 year implementation period, it will become directly applicable and enforceable in all Member States from 25 May 2018.

Organisations must therefore now begin ensuring that new policies, procedures and systems are in place to ensure compliance.

The ICO has created a micro-site dedicated to updates on the GDPR and aims to ensure that all relevant GDPR guidance and any guidance updated in light of the GDPR will be added to that site. The ICO's initial posting on the site sets out a useful guide on 12 suggested steps to take now in order to prepare for the GDPR.

The EU Article 29 Working Party ("Art29 WP") has also published its action plan outlining how the GDPR should be implemented. The Art29 WP highlights 4 priority areas:

1. Setting up the European Data Protection Board ("EDPB") structure and its administration;
2. Preparing the One-Stop-Shop and the consistency mechanism;
3. Issuing guidance for data controllers and processors; and
4. Communication around the EDPB and the GDPR.

Many of our clients have begun asking us for bespoke advice on how the GDPR will affect them and have asked us to carry out data protection compliance and gap analysis audits, highlighting increased compliance risks under the proposed GDPR changes.  If we can assist you with this also, please do contact us.