The first guidance on the implementation of the General Data Protection Regulation will be published by the end of 2016, the UK’s data watchdog has said.

Information commissioner promises first guidance by end of 2016 – Photo credit: DCMS

Speaking at the National Association of Data Protection and Freedom of Information Officers conference earlier this week, information commissioner Elizabeth Denham offered more details of the work being done to prepare for when the European Union regulation comes into force in May 2018.

There have been months of speculation over the UK’s adoption of the regulation, given the vote to leave the EU in June, but culture secretary Karen Bradley last month told MPs that it would “be expected and quite normal” for the UK to opt in to it when it came into force.

Denham welcomed the fact there was “more certainty today than we had six months ago” around data protection, and set out the work the Information Commissioner’s Office was doing to help organisations and businesses prepare.

Related content

ICO to appoint a technology adviser role in effort to boost tech capacity
Brexit for good? Seeking facts on the digital opportunities of leaving the EU
Unlocking the power of big data

Denham said that it was working with the body that encompasses all the data protection authorities across Europe, the Article 29 Working Party, to draft guidance for organisations.

“The first pieces likely to be published address the role of the Data Protection Officer, the new right of data portability and how to identify an organisation’s main establishment and lead supervisory authority,” she said, adding that they were due by the end of 2016.

After that there will be guidance on the concept of risk and how to carry out a data protection impact assessment, which is due to be completed in February 2017.

Meanwhile, the ICO is working on its own big data report, due by the end of this year, and further guidance on consent and profiling, which Denham said would be complete by January.

However, Denham also addressed the long-term uncertainty around data protection post-Brexit, saying that the ICO would “be at the centre of any conversations, and will be banging our drum for continued protection for consumers, clear laws for organisations, and all the usual aspects that we’ll need to continue trading with Europe”.

She has previously acknowledged that this is a strong stance for a regulator, saying in a speech to an industry conference in September that “regulators general don’t lobby”.

But she added, when the “conversation is about the future of data protection in the UK, the ICO is determined to be part of that conversation”.

Denham also confirmed there would be changes at her office, with the departure of deputy commissioner Simon Entwistle in summer 2017 and a new chief technology officer and a dedicated parliamentary and government affairs team to be appointed.

The ICO will also “reinforce” its international team to ensure they are “as influential as possible” globally and appoint a senior legal counsel.

She also confirmed that she would be pushing government to do more to extend the Freedom of Information Act to cover “private bodies that are basically doing work on behalf of the public” and crack down on slow response rates by government itself.