Information Commissioner's Office
Five things we learned from DPPC 2021
The ICO’s Data Protection Practitioners’ Conference 2021 was held this week, bringing together more than 3,000 data protection professionals from across the country. Here are five headlines from the day.
- UK SCCs to go out for consultation in the summer
- A challenging year has brought positives
- Data protection can be a balancing act
- Data protection made easy for SMEs
- Unlocking the benefits of data sharing
UK SCCs to go out for consultation in the summer
The ICO is working on bespoke UK standard contractual clauses (SCCs) for international data transfers. Speaking at the ‘Ask the ICO’ Q&A session, ICO Deputy Commissioner Steve Wood said: “I think we recognise that standard contractual clauses are one of the most heavily used transfer tools in the UK GDPR. We’ve always sought to help organisations use them effectively with our guidance. The ICO is working on bespoke UK standard clauses for international transfers, and we intend to go out for consultation on those in the summer. We’re also considering the value to the UK for us to recognise transfer tools from other countries, so standard data transfer agreements, so that would include the EU’s standard contractual clauses as well.”
A challenging year has brought positives
Emily Keaney, ICO Director of Domestic Regulatory Strategy, described the past year as “business as usual, but on steroids” and this was a feeling echoed across the day. But amid the challenges, several speakers emphasised the positives.
Charlene McQuillan, Data Practitioner Officer at the Department of Health NI, spoke about the strengthening of relationships between data protection officers (DPO) and senior management that she had experienced. And Dawn Monaghan, Head of Information Governance Policy at NHSX, talked about how the COVID-19 response showed the power of data in supporting the work of frontline staff and bringing benefits to individuals.
Elizabeth Denham, UK Information Commissioner, summed it up: “As a community we’ve proven our resilience. And we’ve shown that a pragmatism, coupled with a principles based law, can adapt to the circumstances of the day. In the face of high stakes and high pressure, we have all raised our game.”
Data protection can be a balancing act
The ‘Data Ethics’ seminar was one of the most well attended seminars of the afternoon – unsurprising when set against the results of our public consultation last December that showed two thirds of organisations that had appointed a DPO had adopted data ethics frameworks.
Ellis Parry, ICO Data Ethics Adviser, explained how data ethics works as part of a consideration of the law, and spoke about the role ethics can have in balancing the interests of society, including individuals, minority groups and data controllers.
The popular ‘Accountability in Practice’ seminar gave practical advice on achieving that balance, with Elizabeth Archer, ICO Principal Policy Adviser, speaking about the importance of “creating and embedding a positive data protection culture.” She explained how the ICO’s accountability framework can help organisations think about the risks around data processing, and how to mitigate them.
Data protection made easy for SMEs
It's vital to their success that all small organisations – including small- to medium-sized enterprises (SMEs), small businesses, and sole traders – make maximum use of the data they hold in a responsible way. Paul Arnold, ICO Deputy CEO and Chief Operating Officer, said: “Our SME hub was introduced in 2019, born out of our commitment to help smaller organisations to get access to tailored, specific advice to help them navigate what can be a complex legislative framework and to help them maximise the use of the data they hold.”
That was reflected in two popular ‘Data protection for beginners’ seminars that covered the data protection basics for those starting out or looking to brush up on their knowledge and skills. Both seminars were led by four case officers whose day-to-day roles focus on supporting and advising SMEs on the ICO’s small business helpline. Daniel Morgan, ICO Case Officer, said: “Good data protection practices make good business sense and can enable your business to grow and thrive.”
There are lots of top tips and simple guides on our SME web hub, which have been tailored to the needs of all small organisations looking to strengthen their practices.
Unlocking the benefits of data sharing
Looking ahead beyond the immediate crisis, data sharing will be central to what comes next, as Phil Earl, Deputy Director at Department for Digital, Culture, Media and Sport, made clear about the National Data Strategy. He said: “We want the strategy to be setting a really high level of ambition for what we want to do – to position the UK as a global champion of data, driving the international flow of data across borders, but doing so in a way which continues to protect data to a high standard.”
Building on the benefits of data sharing, we ran three seminars that covered the ICO’s data sharing code, giving practical tips and case studies, and busting some data sharing myths. Viv Adams, ICO Principal Policy Adviser, said: “Data protection law enables data sharing, providing a positive framework to share data fairly and proportionately. These practical tools are there to help you decide when and how to share data.”
Latest News from
Information Commissioner's Office
ICO fines three companies £415,000 for nuisance marketing10/06/2021 12:25:00
The Information Commissioner’s Office (ICO) has fined three separate companies a total of £415,000 for sending nuisance marketing to people about car finance, solar panels and funeral plans.
Elizabeth Denham welcomes a delay to the launch of the GPDPR10/06/2021 10:38:00
Elizabeth Denham recently (08 June 2021) welcomed a delay to the launch of the GPDPR.
Statement in response to concerns around the GP Data for Planning and Research programme08/06/2021 16:15:00
Statement in response to concerns around the GP Data for Planning and Research programme.
Conservative Party fined £10,000 for sending unlawful emails03/06/2021 12:05:00
The Information Commissioner’s Office (ICO) has fined the Conservative Party £10,000 for sending 51 marketing emails to people who did not want to receive them.
Blog: How the digital design community can help shape the ICO’s work on the Children’s Code28/05/2021 12:25:00
A blog by Georgina Bourke, Principal Technology Adviser specialising in UX Design.
Blog: Spotlight on the Children’s Code standards – data protection impact assessments28/05/2021 09:10:00
A blog by Michael Murray, ICO’s Head of Regulatory Strategy.
Amex fined for sending four million unlawful emails21/05/2021 12:25:00
The Information Commissioner’s Office (ICO) has fined American Express Services Europe Limited (Amex) £90,000 for sending more than four million marketing emails to customers who did not want to receive them.
ICO and CMA set out blueprint for cooperation in digital markets19/05/2021 14:20:00
The Information Commissioner’s Office (ICO) and the Competition and Markets Authority (CMA) have published a joint statement, setting out their shared views on the relationship between competition and data protection in the digital economy.