“There is no deadline. It’s important to understand that 25th May is not the end, it is the beginning - there is a long road ahead.” So said Information Commissioner Elizabeth Denham to the 800-strong audience at today’s Data Protection Practitioners’ Conference 2018 in Manchester as she warned the industry to “buckle up, it’s going to be an interesting ride”.
Speaking on the day that 1 million UK Facebook users were due to be told if their data was among that alleged to have been illegally shared with Cambridge Analytica, the issue of how consumers will action their new rights under the General Data Protection Regulation, as well as how organisations can build trust in their own usage of personal data, hung over the whole proceedings.
Denham acknowledged a mood among consumers that, “for a long time, they have been taken for granted”, with the recent revelations causing many to question what, exactly, will be done with their data and how it will be protected. That is putting pressure on organisations to respond by becoming more transparent, although this is not an easy process for many - the ICO’s GDPR helpline for SMEs is getting 2,500 calls each week, she revealed.
“The dramatic revelations of the last few weeks have been a game-changer.”
But with just 33 days left before enforcement begins on 25th May, the optics around data protection have been shifted dramatically by the recent Facebook issue. “One thing is certain, the dramatic revelations of the last few weeks have been a game-changer for data protection. Everyone’s talking about it - the media, Parliament, consumers, the whole damn planet,” said Denham.
Despite being in the thick of ongoing investigations - the ICO is looking into 30 different organisations connected to the use of personal data in political campaigns, many of which have only responded under warrant - Denham was determined to take a positive view of the digital economy and the use of personal information that fuels it.
“Your role is not just as guardians of privacy, but ambassadors for the appropriate use of personal data.”
“Although you wouldn’t know it now, the proper use of personal data can deliver wonderful things. It improves, enables and enriches our lives. The work data protection practitioners do allows that to happen and must continue apace,” said Denham. “Your role is not just as guardians of privacy, but ambassadors for the appropriate use of personal data in line with the law.”
That said, the ICO is gearing up for a significantly enhanced role. With its budget boosted from £25 million to £34 million for the 2018/19 financial year, it has already added 70 staff in the last 12 months and will hire 150 more in the next two years. Some 200 case officers are now handling public complaints, while 60 policy officers work on the ICO’s strategic direction and another 60 conduct enforcements, like the high profile raid on Cambridge Analytica’s offices in March.
While much emphasis has been placed on the risk of monetary penalties running as high as €20 million or 4% of global turnover, Denham voiced an even greater threat to those who refuse to follow what GDPR mandates. She told the conference: “We can order an organisation to stop processing data, which may be the more significant option.”