March 1, 2016

The Plan sets out a three-year rolling plan on how the ICO intends to achieve its objectives.

Given the amount of consumer information and data that businesses are now given in the age of the internet and how companies and public authorities are, as the Information Commissioner, Christopher Graham puts it in a blog post dated 25 February 2016, “not always as good as they should be” in terms of respecting that information, there is “important work for the ICO to do” as the UK’s referee of the operation of both the Data Protection Act and the Freedom of Information Act and their associated regulations.

However, Mr Graham reminds readers, the legislation under which the ICO operates is not fixed and immutable.  The Freedom of Information Act has been undergoing review by Lord Burns’s commission and the long-running review of the EU’s data protection framework is almost complete.  After four years of deliberation the outlines of a new General Data Protection Regulation are in place, together with an associated Directive on police and justice that will require full implementation from mid-2018.

The proposed changes to European data protection laws is what will have the most profound impact, Mr Graham says, and as a result, the ICO is gearing up to lead the transition to the new framework “so that citizen and consumer rights can be secured more effectively in the future”.

The new data protection framework makes significant changes.  If the ICO is to deliver its mission over the next three years and beyond, Mr Graham says, as well as enforcing the law as it currently stands, in the face of all the challenges technological developments present, it will also have to be fully prepared for the future regulatory environment and help UK businesses and organisations similarly to adapt.

The ICO will therefore be embarking on “a significant change programme”.  This process will be led by a dedicated change team, and will involve staff from all parts of the ICO.  The aim is “to make the transition as seamless as possible for all concerned”.  The ICO delivery objectives remain “as relevant as ever” and, Mr Graham says, the ICO will work hard to make sure that organisations understand both what their obligations are now and what they will be from 2018.  Accordingly, what the ICO needs to do to prepare for the new EU framework is a theme that runs through the entire corporate plan.  To read the Information Commissioner’s blog post in full and for a link to the Corporate Plan, click here.