Outgoing Information Commissioner Stresses Need for GDPR Compliance

Speaking at the IAPP Conference in London, outgoing Information Commissioner Christopher Graham, whose seven-year term ends in June, said that treatment of consumer data and the General Data Protection Regulation (GDPR) are the main focuses, and that he was delighted that Elizabeth Denham is his preferred successor.

Saying it was a “miracle” that he was still in the job, as seven years is a traditional time for an apprenticeship and there has been so much change in the digital space and the economy as a whole, he said he was thankful to be in a job, as lots of people are not.

“The Queen appointed me as the Information Commissioner and describes me as trusty and well beloved, and the independence of the Data Protection Authority in UK is that the Information Commissioner can only be removed by a joint resolution of both Houses of Parliament and by the Queen, and you’re in an area that is growing while many others are not,” he said.

Graham said that the Information Commissioner’s Office had grown by over a hundred people in his seven years, and that there had been a growth in notifications and in the appointment of data protection officers in business. “It is a good time to be a privacy professional too as 28,000 data protection officers are required, and the game we’re in is making sure we get the benefits that digital offers while avoiding the risks,” he said.

“We thought digital was the new oil, but discovered it is also the new asbestos.”

Graham stressed that the ICO is about guidance and enforcement and said that if threats are not properly managed and if we don’t manage our way through regulation, we are not doing ourselves any favors.

“The clever thing is to work out where you want to go and how to get there, but don’t disrespect the rights of consumers and the regulator is constantly making the point to you on how to get the best of both worlds.”

Graham also referred to one of the key points of his tenure, saying that the monetary penalties are “small beer”, but that he hoped the point learned is that it is not about the £500,000 fine from the ICO; the focus should instead be on €20m and up to 4% of global turnover as a penalty.

“We are not in a butch world of fining everyone, but this government means business on enforcement, and wants to enable good things and show ways of achieving it but for organizations that don’t take notice or don’t care or think they can get away with it, it is not about shrugging off £500,000, it is [set to be] serious money and serious enforcement that you would do well to plan for carefully.”
