Recognising the increasingly vital role played by professionals working in the sector, the second ICO Practitioner Award for Excellence in Data Protection was presented to Mikko Niva, Group Policy Officer at Vodafone Group Services Ltd based in London.

Chosen by an independent panel, Mr Niva has been recognised for delivering a pioneering global privacy compliance programme for Vodafone across 21 different countries, and for being a constant advocate for information and privacy rights.

Information Commissioner, Elizabeth Denham and Margot James MP, Minister for Digital and the Creative Industries, presented the award to Mr Niva at the ICO’s 12th annual Data Protection Practitioners’ Conference (DPPC) in Manchester on Monday 8 April.

Elizabeth Denham, Information Commissioner, said:

“Data protection practitioners play a crucial role in ensuring that organisations’ data protection practices are keeping up with changes in technology and truly putting people at the heart of what they do.

“I would like to congratulate Mikko Niva for winning this year’s award. Mikko’s dedication in leading his business to understand how important privacy is to inspire public trust and confidence is truly commendable.”

Mr Niva said:

“I am honoured and humbled for this recognition and proud to be part of Vodafone, a company that places great importance on privacy.

“As privacy professionals we are fortunate to work at the intersection between technology, ethics and compliance. The work we do is vital to ensuring that the digitisation of our society happens with the highest standards for the benefits of consumers and society. It’s a privilege to be a part of that.”

Paul Jordan, Managing Director Europe at the International Association of Privacy Professionals (IAPP), who was one of the judges, said:

“This year nominations were all of high calibre, having done some really great GDPR integration work for their respective organizations and stakeholders; it made the judging process all the more difficult.

“My congratulations to Mikko Niva in winning this prestigious ICO award. Mikko is a recognized data protection expert, and Data Protection Officer (DPO), who has been a tremendous advocate for GDPR and data protection both within Vodafone, but also importantly outside his organization speaking on privacy at multiple conferences. Mikko, your continued leadership in the field, and continued support for the privacy profession is an inspiration.”

Jon Baines, chair of NADPO and Data Protection Advisor at Mishcon de Reya LLP, who was one of the judges, said:

"I was delighted to be asked, for the second year running, to judge the ICO's Data Protection Officer of the Year award.

“As chair of the National Association of Data Protection and Freedom of Information Officers, I think it is fantastic that DPOs are finally getting the recognition they deserve, and the ICO award is a key driver for that.

“A DPO has such a complex and challenging task, but one that can be tremendously rewarding. A national award from the regulator is truly a badge of honour for a DPO."

Winner of the 2018 award, Esther Watt, Data Protection Officer at North Kesteven Council in Lincolnshire said:

“It’s been a really busy and fulfilling year since winning last year’s award. On a personal level, I’ve been making sure that we, as an organisation, are doing everything correctly and consistently when it comes to data protection legislation, while educating our colleagues and elected Members of their obligations. I continue to look forward to taking data protection forward and have been excited to play a key part in this.”

Attended by more than 800 delegates, this year’s DPPC highlighted the ICO’s current and future work in areas including technology policy and grants programme, enforcement and regulatory action, and the challenge of Brexit to data protection.

If you need more information, please contact the ICO press office on 0303 123 9070, or visit the media section on our website.

 

Notes to Editors

  1. Under past and current law, the ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
  2. The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  3. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR) and Privacy and Electronic Communications Regulations 2003 (PECR).
  4. Since 25 May 2018, the ICO has the power to impose a civil monetary penalty (CMP) on a data controller of up to £17million (20m Euro) or 4% of global turnover.
  5. The GDPR and the DPA2018 gave the ICO new strengthened powers, some of which, such as assessment notices can be used for this investigation.
  6. The data protection principles in the GDPR evolved from the original DPA, and set out the main responsibilities for organisations. Article 5 of the GDPR requires that personal data shall be:
    • Processed lawfully, fairly and in a transparent manner in relation to individuals;
    • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
    • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
    • Accurate and, where necessary, kept up to date
    • Kept in a form which permits identification of data subjects for no longer than is necessary; and
    • Processed using appropriate technical or organisational measures in a manner that ensures appropriate security of the personal data.
  7. Article 5(2) requires that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
  8. Civil Monetary Penalties (CMPs) under past and current law are subject to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice.
  9. Any monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by ICO.
  10. To report a concern to the ICO, go to ico.org.uk/concerns.