GDPR: Our Interpretation of the ICO’s Guidance on Profiling

Fill in your contact detail and we’ll send you a…

[contact-form-7 404 "Not Found"]

If you work within a data-driven business handling or processing data, you will be aware of the guidance released by the Information Commissioner’s Office (ICO) and Article 29 Working Party on the General Data Protection Regulation (GDPR).

The new legislation, which will apply from 25th May 2018, has businesses across the EU taken aback at how strict the terms and conditions are. Discussions are ongoing with regards to the limited time given to prepare, but organisations should assume GDPR legislation will go ahead without delay, regardless of interfering factors such as Brexit or otherwise.

In few words, the GDPR is “intended to strengthen and unify data protection for individuals within the European Union (EU) along with addressing the export of personal data outside the EU”. In accordance to the EU, personal data is classified as “any information relating to an identified or identifiable person”.  This applies to businesses not only within the EU, but businesses outside of the EU whom are providing services to those within.

Now we can assume that most of the rules under Data Protection Act 1998 (DPA) will remain the same, but with additional updates to better comply with EU law. If you act compliantly under the DPA, then preparing for the new legislation will be a much easier process for your business.

The GDPR will have significant effects on the way businesses operate direct marketing practises, in both B2C and B2B arenas. For example, consent needs to be gained `at activity level` from a branded organisation, with the third party removed from the consent process entirely.

New GDPR law lies heavily with the topics of handling personal data, being able to demonstrate consent of personal data obtained, `unambiguous consent`, transparency and fairness with regards to processing or handling personal data.

We realise Profiling is a difficult area to understand at the moment, largely because we are awaiting further guidance from the ICO.


¹ Preparing for the General Data Protection Regulation (GDPR) 12 steps to take now 

² The ICO’s GDPR consent guidance- tell us how you’ll be affected 

GDPR: Our Interpretation of the ICO’s Guidance on Profiling is in full here;

Our Interpretation of the ICO’s Guidance on Profiling

If you have any comments or further thoughts on the ICO’s GDPR guidance, we’d love to hear from you.

Tweet us @themediaoctopus, or email [email protected] to start the conversation.