January 23, 2017

Elizabeth Denham’s key message from the speech, which she delivered in London on 17 January at the Institute of Chartered Accountants in England and Wales, was: “We’re all going to have to change how we think about data protection”.

The GDPR brings many changes to the law on data protection. As Ms Denham said: “There’s a lot in the GDPR you’ll recognise from the current law, but make no mistake, this one’s a game changer for everyone”. Further, she said: “Accountability is at the centre of all this: of getting it right today, getting it right in May 2018, and getting it right beyond that”.

Ms Denham explained that the new legislation creates an onus on companies to understand the risks that they create for others, and to mitigate those risks. “It’s about moving away from seeing the law as a box ticking exercise, and instead to work on a framework that can be used to build a culture of privacy that pervades an entire organisation”, she said.

Good practice tools that the ICO has championed for a long time, such as privacy impact assessments and privacy by design, are now legally required in certain circumstances, Ms Denham said.

However, the shift in approach is needed and consumers want it. In Ms Denham’s view, “… it’s clear that a lot of people feel they’ve lost control of their own data. People feel that keeping control of their most important information used to be simple, but that over the years, their sense of power over their personal data has slipped its moorings”.

To meet the challenges presented by the new legislation, “we need to move from a mindset of compliance to a mindset of commitment: commitment to managing data sensitively and ethically”, Ms Denham said. Further, “If a business can’t show that good data protection is a cornerstone of their practices, they’re leaving themselves open to a fine or other enforcement action that could damage bank balance or business reputation”.

If, once the UK has left the EU, Parliament debates amending the requirements of the GDPR, Ms Denham said that the ICO would “be at the centre of any conversations around this, and will be banging our drum for continued protection and rights for consumers and clear laws for organisations”.

It is important to have the right mindset towards data protection at this uncertain time. “Having the right mindset towards data protection helps to future proof a business. It will put it in the right place to keep up with legislation”, Ms Denham said.

Ms Denham concluded: “I want organisations to think to themselves: ‘we base our online user experience around what consumers want. We shape our products and services around what consumers want. We need to shape our data protection approach around what consumers expect’”. To read the speech in full, click here.