Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

ICO Invites Applicants to GDPR Sandbox

The Information Commissioner’s Office (ICO) has launched in beta a new service designed to help organizations test innovative new services without fear of running foul of the GDPR.

The ICO’s Sandbox service is now open for applications from organizations with projects that have a "demonstrable public benefit."

Around 10 organizations will be chosen for this beta phase, with start-ups, SMEs and large organizations, across private, public and voluntary sectors able to apply.

The ICO defines “public benefit” both in terms of the number of people impacted by a service and the extent to which they could benefit.

Given the cutting edge nature of the new products being developed here and the compliance challenges they may present, the Sandbox will also help the ICO predict where changes may need to be made in terms of the guidance it offers businesses on data protection.

"Thousands of organizations are working on projects using personal data to transform the way we live and work. We want to support this innovation whilst helping ensure that the products and services under development are compliant and deliver benefits to the public,” said Simon McDougall, executive director for technology and innovation at the ICO.

"Our Sandbox will provide the environment that organizations need to test new concepts and technologies. The lessons we learn together may identify more fundamental questions with broader implications for data protection, and could ultimately inform the development of new guidance or codes of conduct in particular sectors to pave the way for further innovation."

Successful applicants will get an on-site visit from the ICO, during which they will jointly develop a customized Sandbox plan. Applications may be submitted up to May 24, 2019 and the beta phase runs until September 2020.

Some 59,000 businesses are said to have filed GDPR breach reports with their regulators across the EU up to February this year, including nearly 11,000 in the UK. Over 90 fines have been issued.

What’s Hot on Infosecurity Magazine?