The regulator has faced criticism from many quarters over a perceived go-slow in issuing guidance for the new Regulation, especially since consent guidance has been delayed until at least December, with the official line on using "legitimate interests" to process marketing data unlikely to emerge until the new year.
However, in an interview with the Financial Times, Denham said that companies are getting in shape: “Data protection is not a back-burner issue any more. It underlies everything we do, in our personal lives, as consumers, as well as policing and law enforcement, criminal justice, everything relies on data. That’s why this is such a critical issue at a critical time.”
She said that GDPR was essential as consumers “are experiencing a crisis of trust in business and government when it comes to the use of personal data”.
Denham also refuted suggestions that the regulator is planning to make an example of big companies by hitting them with massive penalties, insisting that the ICO would continue to be a “proportionate, rational regulator”, adding that fines were “usually a last resort”.
She told the Financial Times that smaller fines, warnings and reprimands could be just as detrimental to business.
“Even if there’s a £15,000 fine as opposed to a £3m fine, there’s still reputational damage,” she said. “[Companies] don’t want to be fined by the regulator, they don’t want an enforcement notice, they don’t want the publicity.”