Information Commissioner's Office
“20 million reasons for organisations to get EU data reforms right”
The Information Commissioner Christopher Graham will today call for organisations to begin their preparations for the forthcoming EU data protection reforms.
Speaking at the ICO’s annual Data Protection Practitioners’ Conference, Christopher Graham will highlight how maximum fines as high as 20 million euros for breaches of the new data protection regulation mean organisations cannot afford to get data protection wrong:
“People have never been so aware of what their personal data is, and never cared so much about how it is used. The law is changing to reflect that.
“The EU data protection reforms promise to be the biggest shake up for consumers’ data protection rights for three decades. Organisations simply cannot afford to fall behind. We know data protection officers understand this, and we know they sometimes find their views ignored in the boardroom. The new law gives directors 20 million reasons to start listening.”
The EU’s General Data Protection Regulation is four years in the making. Agreement on the new rules was reached last December, and work is now ongoing around translation and legal accuracy. Final political sign-off is expected in the summer, followed by a two year transition period before the regulation becomes law across the EU, including replacing the EU Directive on which the UK’s Data Protection Act 1998 is based on.
As the regulator, the ICO’s role is not just about enforcement and fines, and there’s a significant amount of work to be done guiding organisations who want to make sure they’re following the new rules, and getting it right from the start. With that in mind, the ICO will today publish a guide setting out how organisations can begin their preparations for the changes. The 12 step guide, launched at the Manchester conference, will explain that many of the new laws’ concepts and principles are the same as those currently in UK law, but new elements and significant enhancements mean organisations will have to do some things differently.
The ICO conference brings together over 800 delegates attending from a variety of different sectors. As well as key speakers, the event includes workshops on a range of data protection topics, from handling subject access requests to CCTV.
The speakers and workshops will be live streamed throughout the day, and are available on the conference website. We’re working with Reframed, allowing people to comment on and share specific moments of video, either through the video player or on twitter using #dppc2016.
Notes for editors
The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
Fairly and lawfully processed
Processed for limited purposes
Adequate, relevant and not excessive
Accurate and up to date
Not kept for longer than is necessary
Processed in line with your rights
Not transferred to other countries without adequate protection
Latest News from
Information Commissioner's Office
Blog: Regulating through a pandemic and beyond28/07/2021 13:20:00
A blog by James Dipple-Johnston, Deputy Commissioner - Chief Regulatory Officer
ICO approves the first UK eIDAS Regulations Qualified Trust Service Provider28/07/2021 09:10:00
The Information Commissioner’s Office has approved GlobalSign as the UK’s first qualified trust service provider [QTSP] under the UK eIDAS Regulations.
ICO's blog on its information rights work26/07/2021 16:20:00
Colleagues from the ICO’s FOI Directorate share their experiences and involvement in raising awareness of our regulation of access to information legislation.
Blog: New toolkit launched to help organisations using AI to process personal data understand the associated risks and ways of complying with data protection law21/07/2021 09:20:00
Alister Pearson, the ICO’s Senior Policy Officer – Technology introduces a new beta version of our AI and Data Protection Risk Toolkit. He explains how it can assure organisations that use AI to process personal data that they are processing it in line with the law and how organisations can help the ICO shape a final version.
Blog: What’s next for the Accountability Framework?19/07/2021 09:10:00
Blog posted by: Anulka Clarke, 15 July 2021.
Blog: Reflecting on the past five years of fundraising and data protection regulation16/07/2021 14:43:00
Lord Toby Harris, Chair of the Fundraising Regulator & Elizabeth Denham CBE, the UK Information Commissioner, reflect on the past five years of fundraising and data protection regulation in the charity sector.
Statement on ICO investigation into Department of Health and Social Care CCTV footage16/07/2021 09:10:00
The ICO can confirm it is investigating an alleged data breach.
ICO fines transgender charity for data protection breach exposing sensitive personal data09/07/2021 09:25:00
The Information Commissioner’s Office (ICO) has fined transgender charity Mermaids £25,000 for failing to keep the personal data of its users secure.