Government calls for submissions for GDPR derogations
Consultation exercise over "flexibilities" permitted within GDPR
The Department for Culture, Media and Sport (DCMS) has called for organisations to submit their views on derogations to the General Data Protection Regulation (GDPR), under which firms could be fined as much as four per cent of turnover for security breaches in just 13 months' time.
"This consultation approach is an opportunity to inform our derogations policy and is complemented by discussions we are already having with a range of stakeholders," claimed the DCMS in its call for submissions.
However, organisations only have until 10 May to respond, either in writing or by emailing responses to [email protected]
The derogations would enable organisations that have to report a security breach or leak of personal data to ask for leniency from the Information Commissioner's Office (ICO) when their case is judged, either because of the nature of their activity, such as archiving and research in the public interest, scientific or historical research purposes, or because they can demonstrate that they have acted responsibly.
Hence, derogations could include demonstrating compliance in various ways, such as codes of conduct established across the organisation and certifications, particularly from well-known standards bodies such as BSI Group.
Organisations would also be expected to have appointed a data protection officer, which would provide another derogation - although the ICO could, equally, come down harder on an organisation that has a data protection officer, but one who has clearly been marginalised.
Other derogations that the DCMS is seeking opinions on include the so-called 'right to be forgotten', automated individual decision-making (including profiling), processing of personal data related to criminal convictions and offences, processing of children's data by online services, and freedom of expression in the media.
The government is also looking for input on various aspects of data processing and on Article 23 of the GDPR, which relates to national restrictions of rights and duties under the GDPR.