ICSA: The Governance Institute has released guidance to facilitate conversations between Boards of Directors and those within organisations responsible for dealing with data to help them cope more effectively with the implications of the forthcoming EU General Data Protection Regulation (GDPR). Alongside an overview of the new legal landscape, the guidance highlights the strategic and practical considerations raised by the GDPR.
Peter Swabey FCIS, policy and research director at ICSA, told Risk UK: “When the GDPR comes into effect next May, decision-makers at the highest levels will need clear and reliable updates from those more closely involved in the management of data throughout an organisation. Company secretaries will need to act as conduits for information from multiple functions including legal, HR, IT and other departments, such as customer services and marketing, in order to help Board members raise appropriate questions with management and assist respondents by highlighting important or missed considerations. This guidance will help to facilitate dialogue between all parties needing to engage on this important issue.”
Prepared with the assistance of a Working Group comprised of ICSA members and representatives from Baker & McKenzie LLP, the guidance offers further information about the requirements that could act as a checklist for those closer to the detail of implementation. It also provides examples of how practical considerations could be addressed.
The guidance breaks the legislation down into three key areas: data basics; dealing with individuals; and governance and risk management.
“Organisations of all shapes and sizes need to be ready to meet the requirements of the GDPR, whether operating within or outside of the EU, but offering goods or services to individuals within the EU or operating outside the EU and ‘profiling’ individuals within the EU,” added Liz Bradley, ICSA policy manager (corporate) and author of the guidance. “The new accountability principle will make it even more important to have well-documented procedures in place that genuinely embed data protection into the way in which an organisation functions. This guidance should go some way towards helping organisations to prepare for the GDPR effectively and lessen the risk of incurring the hefty penalties being proposed for non-compliance.”
ICSA: The Governance Institute is the professional body for governance. The organisation has members in all sectors and is required by its Royal Charter to lead ‘effective governance and efficient administration of commerce, industry and public affairs’. With over 125 years’ experience, the organisation works alongside regulators and policy-makers alike to champion high standards of governance and provide qualifications, training and guidance.
*For further information on ICSA: The Governance Institute access the website