Elizabeth Denham marked 25 May last week, exactly a year before the GDPR applies in the UK and the other European Economic Area Member States by three initiatives, including issuing the ICO’s new Information Rights Strategic Plan 2017 – 2021.
The strategy includes a section on the ICO’s enforcement plans; ‘We understand that the proportionate and effective use of our regulatory sanctions serves as an important deterrent to those who risk noncompliance with the law. Under the EU data protection reform package (GDPR) we will also see an increase in the scale and impact of the sanctions at our disposal. We are committed to using these increased powers in ways which target the most serious areas of non-compliance.’
The ICO will issue a new Regulatory Action Policy as part of the preparations for the forthcoming EU data protection reform package, and this will be laid before Parliament in 2018. See the Information Rights Strategic Plan at https://ico.org.uk/media/2014134/20170413icoinformationrightsstrategicplan2017to2021v10.pdf
Rob Luke, Deputy Information Commissioner, who spoke on the same day at a Tech UK event said: “… as we’ve seen in well-publicised examples the cost to business of poor practice in this area goes above and beyond any fine we can impose. Losing your consumers’ trust could be terminal for your reputation and for your organisation.” He then struck a positive note:
“We would all prefer a win-win outcome. A model where organisations take an approach to data protection which earns the trust of consumers in a more systematic way. And where that trust translates into competitive advantage for those who lead the charge.” …. “People have legitimate concerns about surveillance, discrimination and the use of their data without consent. Data protection can be challenging in a big data context and some types of big data analytics, such as profiling, can be intrusive. We explore many of these issues in detail in our recently updated paper on big data, artificial intelligence, machine learning and data protection.”… He then announced a new idea that the ICO wanted to contribute to a “safe space” where companies can test their ideas recognizing “the circular rather than linear nature of the design process.” https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/05/will-gdpr-change-the-world-event/
The Commissioner’s new five minute video addressed to company boards about their responsibilities under the GDPR’s accountability principle is at https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/05/businesses-warned-to-prepare-with-one-year-until-data-protection-law-change/
Information Commissioner, Elizabeth Denham, will speak at promoting Privacy with Innovation, Privacy Laws & Business 30th Annual International Conference on Tuesday 4 July. To see the programme and to register, please go to www.privacylaws.com/ac30