The Guidance for public authorities covers their obligation to consult with the Information Commissioner’s Office on any proposals for legislative or statutory measures they are developing that involve the processing of personal data.
Article 36(4) of the GDPR states that “Member States shall consult the supervisory authority during the preparation of a proposal for a legislative measure to be adopted by a national parliament, or of a regulatory measure based on such a legislative measure, which relates to processing”.
This is a legally binding requirement on all relevant public sector organisations, and failure to adequately consult with the ICO on such proposals would constitute a breach of the GDPR. The DCMS makes it clear that this obligation will continue to apply via relevant domestic legislation following the UK’s departure from the EU.
The Guidance sets out a process by which all relevant public bodies should consult with the ICO to fulfil their obligations in respect of this requirement. To access the Guidance, click here.