Insights Information Commissioner’s Office holds Data Protection Practitioners’ Conference (DPPC) 2021

The ICO has published a news release listing “Five things we learned from DPPC 2021”:

  • UK Standard Contractual Clauses (SCCs) to go out for consultation in the summer: the ICO is working on bespoke UK SCCs for international data transfers. Speaking at the “Ask the ICO” Q&A session, ICO Deputy Commissioner Steve Wood, said: “ … The ICO is working on bespoke UK standard clauses for international transfers, and we intend to go out for consultation on those in the summer. We’re also considering the value to the UK for us to recognise transfer tools from other countries, so standard data transfer agreements, so that would include the EU’s standard contractual clauses as well.”;
  • a challenging year has brought positives: Emily Keaney, ICO Director of Domestic Regulatory Strategy, described the past year as “business as usual, but on steroids”. However, amid the challenges, several speakers emphasised the positives. Charlene McQuillan, Data Practitioner Officer at the Department of Health NI, spoke about the strengthening of relationships between data protection officers (DPO) and senior management that she had experienced. And Dawn Monaghan, Head of Information Governance Policy at NHSX, talked about how the COVID-19 response showed the power of data in supporting the work of frontline staff and bringing benefits to individuals;
  • data protection can be a balancing act: the “Data Ethics” seminar was one of the most well-attended seminars of the afternoon, which the ICO says was unsurprising when set against the results of its public consultation in December 2020, which showed two thirds of organisations that had appointed a DPO had adopted data ethics frameworks. Ellis Parry, ICO Data Ethics Adviser, explained how data ethics works as part of a consideration of the law, and spoke about the role ethics can have in balancing the interests of society, including individuals, minority groups and data controllers. The “Accountability in Practice” seminar gave practical advice on achieving that balance. Elizabeth Archer, ICO Principal Policy Adviser, explained how the ICO’s accountability framework can help organisations think about the risks around data processing, and how to mitigate them;
  • data protection made easy for SMEs: Paul Arnold, ICO Deputy CEO and Chief Operating Officer, said: “Our SME hub was introduced in 2019, born out of our commitment to help smaller organisations to get access to tailored, specific advice to help them navigate what can be a complex legislative framework and to help them maximise the use of the data they hold.”; and
  • unlocking the benefits of data sharing: looking ahead beyond the immediate crisis, data sharing will be central to what comes next, as Phil Earl, Deputy Director at Department for Digital, Culture, Media and Sport, made clear about the National Data Strategy. He said: “We want the strategy to be setting a really high level of ambition for what we want to do – to position the UK as a global champion of data, driving the international flow of data across borders, but doing so in a way which continues to protect data to a high standard.”

To read the ICO’s summary of the DPPC 2021 in full, click here.