Data privacy addicts are being urged to take a 12-step programme – by no less than the UK's Information Commissioner's Office.
The ICO, which is the Brit government agency responsible for enforcing Britain's rather weak data laws, has issued guidance for companies to seek redemption ahead of the EU GDPR rules coming into force in the UK this May.
The checklist [PDF, 11 pages] warns firms that there are "new elements and significant enhancements" when comparing GDPR with existing laws in the UK.
Those 12 steps, without elaboration, are:
- Information you hold
- Communicating privacy information
- Individuals' rights
- Subject access requests
- Lawful basis for processing personal data
- Data breaches
- Data protection by design and data protection impact assessments
- Data protection officers
Got that? Good.
While the EU and the ICO might hope that GDPR becomes as addictive for data and privacy geeks as the other famous 12-step programme, it appears that a lot of British firms are fairly lukewarm about it and haven't really noticed.
The EU Commission has threatened its member states with an "infringement procedure" if they don't transpose the GDPR, an EU legal instrument, into their own national laws ASAP. ®