By JP Buckley, Matt Quezada, Jess Dick

It’s been five months since GDPR became enforceable. The 25 May deadline has come and gone, but organisations must continue to focus on their data protection obligations – the Information Commissioner has referred to this as an ongoing compliance journey.

Part of that is not just keeping up with the ongoing actions to comply, but awareness of, and applying, the regulatory guidance changes still emerging. With data protection headline news each week, whether it be fines, lobbying for US data protection laws or other concerns around data use, now is a great time to uplift your compliance approach. The Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection, provided guidance and support to businesses and individuals in the run up to the GDPR deadline, and has continued to do so. This guidance has largely been amalgamated into the ICO’s ‘Guide to the General Data Protection Regulation’ (the ICO Guide). It also refers to the European Data Protection Board’s guidance (the organisation replacing the Article 29 Working Party).