The ICO have opened consultation on their Regulatory Action Policy, which sets out how the ICO will deal with the organisations it regulates under various legislation, including the General Data Protection Regulation (GDPR or the Data Protection Bill as it will be in the UK once we leave Europe), the Freedom of Information Act and the Privacy and Electronic Communications Regulations (PECR).
The Policy lists the enhanced powers built into the GDPR/DPB, which include no-notice inspections of organisations to check they are compliant, and making it a criminal offence to destroy data. It builds on the responsibilities and powers laid out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
James Dipple-Johnstone, Deputy Commissioner, ICO.
The policy consultation can be found here.
The General Data Protection Regulation brings with it new powers for the ICO, giving them the ability to penalise organisations up to £17 million or 4% of global turnover, whichever is the greater. These will likely be used against persistent offenders, those who show an obvious neglect of how they manage personal data, and where significant security breaches happen.
You can find out more about the GDPR here.
The Privacy and Electronic Communications Regulations protect the privacy and rights of people and organisations in relation to electronic communication. Specifically, they govern email, phone, text messages and fax and how they can be used in marketing, how cookies are to be used (the ‘cookie law’), and the protection of customer data such as caller line identification data, location data and directory listings.
James Dipple-Johnstone said that the ICO have been working on ways to quickly secure the evidence needed to investigate breaches, and have worked with the Government to amend the Data Protection Bill so they can issue notices to individuals and organisations that need to be complied with within 24 hours, and the ability to inspect compliance without notice. He said this will give the ICO the power to investigate systems in situ and to secure evidence.
We can continue to support you by processing your incoming user requests and monitoring your processes to make sure your organisation remains GDPR compliant.