by kenbaylor 3013 days ago
Each country will have a Data Protection Authority (DPA) which is the regulator in the country. The ICO is the one in the UK.

The last letter of the GDPR is Regulation. A regulation is very different than a Directive (the pre-GDPR law is based on a directive). There is very little wiggle-room with a Regulation, even between countries. The ICO also works with other DPAs currently as part of Working Party 29, which ensures the DPAs are working in sync.

So the ICO advice is worthy of close study, especially if your local DPA (assuming you have one) has not commented or given guidance on a certain matter.

1 comments

To add, the difference between directive and regulation is in Article 288 of the TFEU:

To exercise the Union's competences, the institutions shall adopt regulations, directives, decisions, recommendations and opinions.

A regulation shall have general application. It shall be binding in its entirety and directly applicable in all Member States.

A directive shall be binding, as to the result to be achieved, upon each Member State to which it is addressed, but shall leave to the national authorities the choice of form and methods.

Basically, a regulation is like a law. It’s directly binding as law.

A directive is something member states have to implement themselves, probably also by passing a law using their own national process for doing so. As such there can be (greater) differences in the different national implementations of the directives.