Data Protection developments: watch, respond and beware

You can now catch up on the key rule changes agencies need to know on the General Data Protection Regulation by listening to the first in the series of IPA webinars, produced with the law firm, Olswang.

In addition, the IPA is welcoming agency feedback on the Government’s call for views on the GDPR provisions on which the Government might have some flexibility which we will feed into our submission to the DCMS.

And there are new guidelines about Impact Assessments under the GDPR.

Says Richard Lindsay, IPA Director of Legal & Public Affairs: “Being able to demonstrate good personal data governance is good business practice and a legal requirement. Not only does it show individuals – be they employees, freelancers, client or supplier staff – that their personal data will be dealt with properly and protected, but it will prove an increasingly important requirement of advertiser clients. Advertisers will insist that agencies are fully up to speed with the new laws under the General Data Protection Regulation (GDPR) and those that do nothing will be in danger of losing existing clients and struggling to find new ones.”

Listen to the IPA/Olswang webinar on data protection,

The webinar is presented by Alex Dixie and Sarah Cramer of leading technology and media law firm, Olswang, and IPA Director of Legal & Public Affairs, Richard Lindsay:

EU General Data Protection Regulation from Olswang Client Connect on Vimeo.

Respond to IPA on DCMS call for views on the provisions of the GDPR

The DCMS has opened a call for viewson the provisions of the General Data Protection Regulation where the UK is entitled to exercise some discretion. Key topics include the processing of children’s personal data, research, and the role of Data Protection Officers. The IPA’s Legal & Public Affairs team will draft a response and members are welcome to provide comments in advance to IPA Director of Legal & Public Affairs, Richard Lindsay, at The closing date for responses is 10th May 2017.

Read new Article 29 Working Party guidelines on Impact Assessments under the GDPR, relevant to any organisation – including agencies – which may be involved in high-risk processing

The "Article 29 Working Party” (A29WP) is the short name for the influential Data Protection Working Party established by Article 29 of the European Data Protection Directive 1995. Its role is to provide the European Commission with independent advice on data protection matters and it produces guidance and opinions which carry a lot of weight.

With the General Data Protection Regulation (GDPR) coming into force across the EU in May next year, the A29WP is producing guidance on various aspects of the new Regulation.

Article 35 of the GDPR introduces the concept of Data Protection Impact Assessments (DPIAs) which are required for processing which is likely to result in a high risk. The A29WP has just produced new Guidelines on DPIAs. As the introduction to the guidelines explains, DPIAs are important tools for accountability because they help data controllers not only to comply with requirements of the GDPR, but also to demonstrate that appropriate measures have been taken to ensure compliance.

The Guidelines include: what DPIAs cover; what processing operations are subject to DPIAs; how to carry out DPIAs; and when the relevant supervisory authority should be consulted.


Last updated 21 January 2022