The ICO’s Data Protection Practitioners’ Conference 2021 was held this week, bringing together more than 3,000 data protection professionals from across the country. Here are five headlines from the day.
- UK SCCs to go out for consultation in the summer
- A challenging year has brought positives
- Data protection can be a balancing act
- Data protection made easy for SMEs
- Unlocking the benefits of data sharing
The ICO is working on bespoke UK standard contractual clauses (SCCs) for international data transfers. Speaking at the ‘Ask the ICO’ Q&A session, ICO Deputy Commissioner Steve Wood said: “I think we recognise that standard contractual clauses are one of the most heavily used transfer tools in the UK GDPR. We’ve always sought to help organisations use them effectively with our guidance. The ICO is working on bespoke UK standard clauses for international transfers, and we intend to go out for consultation on those in the summer. We’re also considering the value to the UK for us to recognise transfer tools from other countries, so standard data transfer agreements, so that would include the EU’s standard contractual clauses as well.”
Emily Keaney, ICO Director of Domestic Regulatory Strategy, described the past year as “business as usual, but on steroids” and this was a feeling echoed across the day. But amid the challenges, several speakers emphasised the positives.
Charlene McQuillan, Data Practitioner Officer at the Department of Health NI, spoke about the strengthening of relationships between data protection officers (DPO) and senior management that she had experienced. And Dawn Monaghan, Head of Information Governance Policy at NHSX, talked about how the COVID-19 response showed the power of data in supporting the work of frontline staff and bringing benefits to individuals.
Elizabeth Denham, UK Information Commissioner, summed it up: “As a community we’ve proven our resilience. And we’ve shown that a pragmatism, coupled with a principles based law, can adapt to the circumstances of the day. In the face of high stakes and high pressure, we have all raised our game.”
The ‘Data Ethics’ seminar was one of the most well attended seminars of the afternoon – unsurprising when set against the results of our public consultation last December that showed two thirds of organisations that had appointed a DPO had adopted data ethics frameworks.
Ellis Parry, ICO Data Ethics Adviser, explained how data ethics works as part of a consideration of the law, and spoke about the role ethics can have in balancing the interests of society, including individuals, minority groups and data controllers.
The popular ‘Accountability in Practice’ seminar gave practical advice on achieving that balance, with Elizabeth Archer, ICO Principal Policy Adviser, speaking about the importance of “creating and embedding a positive data protection culture.” She explained how the ICO’s accountability framework can help organisations think about the risks around data processing, and how to mitigate them.
It's vital to their success that all small organisations – including small- to medium-sized enterprises (SMEs), small businesses, and sole traders – make maximum use of the data they hold in a responsible way. Paul Arnold, ICO Deputy CEO and Chief Operating Officer, said: “Our SME hub was introduced in 2019, born out of our commitment to help smaller organisations to get access to tailored, specific advice to help them navigate what can be a complex legislative framework and to help them maximise the use of the data they hold.”
That was reflected in two popular ‘Data protection for beginners’ seminars that covered the data protection basics for those starting out or looking to brush up on their knowledge and skills. Both seminars were led by four case officers whose day-to-day roles focus on supporting and advising SMEs on the ICO’s small business helpline. Daniel Morgan, ICO Case Officer, said: “Good data protection practices make good business sense and can enable your business to grow and thrive.”
There are lots of top tips and simple guides on our SME web hub, which have been tailored to the needs of all small organisations looking to strengthen their practices.
Looking ahead beyond the immediate crisis, data sharing will be central to what comes next, as Phil Earl, Deputy Director at Department for Digital, Culture, Media and Sport, made clear about the National Data Strategy. He said: “We want the strategy to be setting a really high level of ambition for what we want to do – to position the UK as a global champion of data, driving the international flow of data across borders, but doing so in a way which continues to protect data to a high standard.”
Building on the benefits of data sharing, we ran three seminars that covered the ICO’s data sharing code, giving practical tips and case studies, and busting some data sharing myths. Viv Adams, ICO Principal Policy Adviser, said: “Data protection law enables data sharing, providing a positive framework to share data fairly and proportionately. These practical tools are there to help you decide when and how to share data.”