ICSA releases guidance to improve board awareness of GDPR data responsibilities

London, 6 November 2017 – ICSA: The Governance Institute has released guidance to facilitate conversations between the board and those within organisations responsible for dealing with data to help them deal more effectively with the implications of the forthcoming EU General Data Protection Regulation (GDPR). Alongside an overview of the new legal landscape, the guidance highlights the strategic and practical considerations raised by GDPR.

According to Peter Swabey, Policy and Research Director at ICSA, “When GDPR comes into force on 25 May next year, decision-makers at the highest levels will need clear, reliable updates from those more closely involved in the management of data throughout the organisation. Company secretaries will need to act as conduits for information from multiple functions including legal, HR, IT and other departments, such as customer services and marketing, in order to help board members to raise appropriate questions with management and assist respondents by highlighting important or missed considerations. This guidance will help facilitate dialogue between all parties needing to engage on this important issue.”

Prepared with the assistance of a working group comprising ICSA members and Baker & McKenzie LLP, the guidance offers further information about the requirements that could act as a checklist for those closer to the detail of implementation. It also provides examples of how practical considerations could be addressed.

The guidance breaks the legislation down into three key areas:

  • Data basics
  • Dealing with individuals
  • Governance and risk management.

“Organisations of all shapes and sizes need to be ready to meet the requirements of GDPR, whether operating within the EU, operating outside the EU but offering goods or services to individuals within the EU or operating outside the EU and ‘profiling’ individuals within the EU. The new accountability principle will make it even more important to have well-documented procedures that genuinely embed data protection into the way the organisation functions. This guidance should go some way to helping organisations prepare for GDPR effectively and lessen the risk of incurring the hefty penalties for non-compliance,” added ICSA Policy Manager (Corporate) Liz Bradley, author of the guidance.

- Ends -

For further information, please contact Maria Brookes, Media Relations Manager:

mbrookes@icsa.org.uk  
+44 (0)20 7612 7072
+44 (0)7890 649 143


Notes to Editors:

ICSA: The Governance Institute is the professional body for governance. We have members in all sectors and are required by our Royal Charter to lead ‘effective governance and efficient administration of commerce, industry and public affairs’. With over 125 years’ experience, we work with regulators and policy makers to champion high standards of governance and provide qualifications, training and guidance.
Website: www.icsa.org.uk 

The guidance can be viewed at www.icsa.org.uk/gdpr 
