The Information Commissioner says recent events have demonstrated that data protection and privacy are now more important to the UK public than ever before.
Elizabeth Denham was speaking ahead of the announcement of a major new public awareness campaign which will seek to improve people’s trust and confidence in how organisations handle their personal information.
“It has been hard to miss the exposé of Cambridge Analytica’s alleged use of personal data in election campaigns, including information gathered from Facebook.
“Our ongoing investigation into the use of personal data analytics for political purposes by campaigns, parties, social media companies and others will be measured, thorough and independent. Only when we reach our conclusions based on the evidence will we decide if enforcement action is warranted.
“The dramatic revelations of the last few weeks can be seen as a game changer in data protection. Suddenly, everyone is paying attention.
“Our public information campaign, Your Data Matters, will help raise awareness but also, I hope, increase trust in our data-driven world.”
Hosted by journalist and broadcaster Kate Bevan, other speakers at the DPPC event will include Margot James, Minister for Digital and the Creative Industries, along with experts and innovators from the public, private and academic sectors.
ICO staff will be outlining the regulator’s current and future work in areas including enforcement and regulatory action, technology policy and international engagement. Drop-in centres will offer one-to-one advice on various areas of data protection law, particularly aspects of the General Data Protection Regulation (GDPR), which applies from 25 May.
Ms Denham added:
“The proper use of personal data can achieve remarkable things. It can improve, ease and enrich our lives. Now, more than ever, the role of data protection practitioner is not just as a guardian of privacy but as an ambassador for the appropriate use of personal data in line with the law.”
Recognising the increasingly vital role played by professionals working in the sector, the inaugural ICO Practitioner Award for Excellence in Data Protection will be presented to Esther Watt, Data Protection Officer (DPO) at North Kesteven Council in Lincolnshire, who was chosen by an independent panel of five judges from more than 100 nominations.
“I’m delighted to have been chosen for this award and extremely grateful to have been nominated for it. Data protection officers are increasingly important on the front line of the new digital society, ensuring the rights of the public are protected while also making sure their organisations are legally compliant..”
Panel member Paul Jordan, managing director Europe for the International Association of Privacy Professionals said:
“Esther has clearly embraced her role as she was swiftly acknowledged as the chief architect for organisational change, which is possibly harder to achieve in the public sector as constraints can be harder to circumvent. Her initiatives have clearly been central to ensuring the organisation’s smooth and positive transition towards GDPR compliance.”
Jon Baines, chair of the National Association of Data Protection Officers and data protection adviser at Mishcon de Reya LLP, said:
"The DPO is recognised as a cornerstone of accountability. The protection of personal data is recognised as a fundamental right and the DPO will be crucial to ensuring that this right is respected, and also in allowing data subjects to understand and exercise that right."
Peter Carey, CEO of PDP Group and author of ‘Data Protection – a practical guide to UK and EU law’, said:
“Selecting a winner from a thoroughly deserving set of finalists was challenging as all were highly proactive, great communicators and experts on the requirements of data protection law – essential attributes for great DPOs.”
Ardi Kolah of Reading University’s Henley Business School, said:
"The achievements of all the nominees were extremely impressive and reflected their commitment to maintaining the highest standards and dedication to maintaining their own education and training, a massive factor in the success of a DPO."
Ashley Winton, information rights lawyer and chairman of trade association the Data Protection Forum, said:
“Unsurprisingly, the GDPR is bringing the importance of an effective DPO into sharp relief, a welcome systemic change for our profession.”
The DPPC event, taking place at the Manchester Central Conference Centre, can be watched on our live stream from 9.40am to 4.20pm on Monday, 9 April.
Notes to Editors
- The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
- The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit. The ICO has the power to impose a monetary penalty on a data controller of up to £500,000.
- The European Union’s General Data Protection Regulation (GDPR) is a new law which will apply in the UK from 25 May 2018. The Government has confirmed the UK’s decision to leave the EU will not affect the commencement of the GDPR. The Government is introducing measures related to this and wider data protection reforms in a Data Protection Bill.
- Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
- fairly and lawfully processed;
- processed for limited purposes;
- adequate, relevant and not excessive;
- accurate and up to date;
- not kept for longer than is necessary;
- processed in line with your rights;
- secure; and
- not transferred to other countries without adequate protection.
- Civil Monetary Penalties (CMPs) are subject to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice.
- Any monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the Information Commissioner’s Office (ICO).
- To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns