May 22, 2017
The ICO explains that the GDPR provides for various national derogations where Member States can introduce their own national law. Some of these derogations relate to detailed, technical matters. However, others are central to the functioning of an effective data protection regime, for example, those dealing with freedom of expression versus privacy or the modification of subject access rights in differing contexts.
The ICO says that it is important that the national discretions available in implementing derogations are considered as part of a proportionate and risk based approach to individuals’ information rights. “This will ensure that an effective framework for the protection of individuals remains in place”, it says.
The derogations should be clear in their effect ensuring that there is an effective data protection regime where organisations that must comply understand their obligations and any modifications of these, the ICO says.
The ICO’s general approach is “to favour replicating existing arrangements under the Data Protection Act 1998 where experience shows that they work satisfactorily”. This will “minimise disruption and bring certainty and coherence to the data protection regulatory regime”, it says. Essentially, the ICO supports the introduction of new derogations “only where we believe this to be necessary for the effective functioning of GDPR or where there is a clear need”. To read the ICO’s response in full, click here.