The Draft Regulatory Action Policy

The ICO have opened consultation on their Regulatory Action Policy, which sets out how the ICO will deal with the organisations it regulates under various legislation, including the General Data Protection Regulation (GDPR, or the Data Protection Bill as it will be in the UK once we leave Europe), the Freedom of Information Act and the Privacy and Electronic Communications Regulations (PECR).

The Policy lists the enhanced powers built into the GDPR/DPB, which include no-notice inspections of organisations to check they are compliant, and making it a criminal offence to destroy data. It builds on the responsibilities and powers laid out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

“Our approach is designed to protect people’s information but also ensure that business is able to function and innovate in the digital age. We’ll target our most significant powers on repeated, wilful or serious failures to take proper steps to protect personal data and deliver information rights. Our formal regulatory action will serve as an important deterrent where it needs to.”

James Dipple-Johnstone, Deputy Commissioner, ICO.

The policy consultation can be found here.

GDPR

The General Data Protection Regulation brings with it new powers for the ICO, giving them the ability to penalise organisations up to £17 million or 4% of global turnover, whichever is the greater. These will likely be used against persistent offenders, those who show an obvious neglect of how they manage personal data, and where significant security breaches happen.

You can find out more about the GDPR here.

PECR

The Privacy and Electronic Communications Regulations protect the privacy and rights of people and organisations in relation to electronic communication. Specifically, they govern email, phone, text messages and fax and how they can be used in marketing, how cookies are to be used (the ‘cookie law’), and the protection of customer data such as caller line identification data, location data and directory listings.

Faster ICO

James Dipple-Johnstone said that the ICO have been working on ways to quickly secure the evidence needed to investigate breaches, and have worked with the Government to amend the Data Protection Bill so that they can issue notices to individuals and organisations that need to be complied with within 24 hours, and can inspect compliance without notice. He said this will give the ICO the power to investigate systems in situ and to secure evidence.

#WeCanHelp

There’s a lot of work that needs to be done getting GDPR compliant. We can take the burden off you and create the policies, documentation and processes you need to make sure your organisation is compliant.

We can continue to support you by processing your incoming user requests and monitoring your processes to make sure your organisation remains GDPR compliant.

Contact Us Today!

Some of the GDPR-specific services we offer include:

  • Data Protection Officer Services
  • Policy Writing
  • Data Handling
  • ICO Registering
  • Process Monitoring
  • Process Assessment


it@tinsleynet.co.uk


07825 650122

