HomeInsightsInformation Commissioner’s Office publishes update on the General Data Protection Regulation (2016/679/EU) one year on

Article by

The ICO has published an update to share its reflections and learnings from the past twelve months of the operation of the GDPR. The update provides an overview of the ICO’s experience in this first year and shares information and insights that will be further explored in its Annual Report later this year.

In a blog post accompanying the update, the Information Commissioner, Elizabeth Denham, says that “there is much more still to do to build the public’s trust and confidence”, and that there are “ongoing challenges of operationalising and normalising the new regime”.

A key area of work during 2019/20 will be to support all parts of the UK business community, from the smallest SMEs to the biggest boardrooms, to deliver what is needed, Ms Denham says. Where the law requires it, the Ms Denham wants to see Data Protection Officers (DPOs) embedded and supported in their respective organisations by senior management.

In Ms Denham’s view, the focus for the second year of the GDPR must be beyond baseline compliance: organisations need to shift their focus to accountability with a real evidenced understanding of the risks to individuals in the way they process data and how those risks should be mitigated. Well-supported and resourced DPOs are “central to effective accountability”, she says.

Ms Denham says that her office is “committed to supporting DPOs and organisations to get things right”. However, the ICO’s role “is not to be a ‘DPO for hire’”; responsibility for compliance lies with organisations. For those who do not take this responsibility seriously or those who break the law, Ms Denham says that her office will “act swiftly and effectively”. The ICO has received more than 40,000 data protection complaints since 25 May 2018 and over 14,000 reports of personal data breaches. It will use this information, as well as intelligence from other regulators and investigations it has instigated, to “take robust action” where necessary.

Many of the investigations launched with the ICO’s new powers are nearing completion and Ms Denham expects outcomes soon, demonstrating the actions the office is willing and able to take to protect the public. To access the blog post and GDPR update, click here.