Data protection is now a mainstream concern for the public according to the UK's Information Commissioner, Elizabeth Denham CBE.
Ms Denham was speaking at Fieldfisher's annual Privacy Summit held in London. In her keynote address to over 175 delegates she outlined the scale of the data protection challenge facing the country as well as the planned expansion of her office to deal with a surge in data breaches and concerns.
The Information Commissioner's Office (ICO) upholds information rights in the public interest and protects data privacy for individuals. The executive non-departmental public body, sponsored by the Department for Digital, Culture, Media & Sport, has the power to levy fines on organisations who do not comply with various legislation including the GDPR, PECR (The Privacy and Electronic Communications Regulations) and the NIS Directive (the Directive on security of network and information services).
Since the GDPR came into force across the EU last May, the ICO has been at the forefront of raising awareness of the importance of data protection and the legal obligations incumbent on holders of data to ensure it is safeguarded.
Organisations are now obliged to notify the ICO of a data breach within 72 hours (subject to there being a risk to the rights and freedoms of individuals). In the first six months of the GDPR, the ICO recorded over 8,000 UK breach notifications. In the previous 12 months, under the voluntary code, it recorded just 3,300.
Elizabeth Denham commented: "The GDPR is there to drive investment in data security and data governance and to ensure that organisations demonstrate data protection accountability. Unfortunately, there are still many companies who now think that their job is done and that their push for readiness ahead of last year's deadline was enough".
To meet the constantly evolving challenges, Ms Denham said that the ICO will expand to more than 800 staff by 2020. In that time it will also be completing statutory codes provided for under the Data Protection Act 2018 and other legislation. This will provide substantive detail on how data protection law will run in practice.
Less than one year into what she called 'the new normal' GDPR regime, Ms Denham said that the ICO was adopting a positive and proactive approach to regulation; that it was curious about different experiences and that it was willing to listen and learn.
Unsurprisingly, the threat of a no deal Brexit on 29th March is one of its main concerns. The ICO currently has a place on the EU Data Protection Board. Despite being incredibly well regarded internationally, there is no guarantee that it will have even a non-voting place on the board post-Brexit although at the very least she said that it would like a 'strong relationship' with the EU.
While the UK government has guaranteed that data flows from the UK to the European Economic Area will be maintained in the event of a no deal Brexit, this has not yet been publicly reciprocated.
Ms Denham concluded her keynote address by saying that "the most dangerous phrase in the English language is 'we've always done it like this'". With new threats to privacy emerging all the time and with the exhilarating development of digital, no organisation can afford to be complacent.
Hazel Grant, head of privacy, information and security, Fieldfisher commented: "Privacy and data protection are no longer niche concerns. The GDPR has significantly raised the stakes for all organisations. And almost one year since the GDPR, the UK has been one of the most successful countries in raising awareness of data protection and cybersecurity among individuals and in ensuring compliance from UK companies and international companies based here."