In order to continuously develop the way we work to deliver the ambitions in this plan, we have identified five ‘shifts of approach’. These shifts represent what we have to do differently to make sure ICO25 is successful:
Prioritising with simplicity and agility
Understanding what we are prioritising and why, what we aim to achieve and how to achieve it at pace. We must also understand when and how to move on to our next priority.
To demonstrate whether this has been achieved effectively we have set the following measures:
-
- increased awareness of what we are going to prioritise and deprioritised from both staff and stakeholders and of how these decisions are made;
- identification of clear objectives and delivery within agreed milestones for all PACE work; and
- improvements in our performance measures set out above.
Being more inclusive and empathetic in our regulatory interventions
Improving our insight and understanding of the challenges and opportunities faced by those we regulate and the people we protect. We must reach new audiences, particularly the ones most in need of our support and protection, using language and tone which demonstrates our understanding of the world we regulate and not just the laws we oversee.
To demonstrate whether this has been achieved effectively we have set the following measures:
- increased number of stakeholders agreeing that the ICO understands the issues they face;
- increased agreement that ICO guidance is proportionate, accessible and tailored;
- increased agreement that our impact assessments take account of a broad range of society and the economy; and
- reduction in the percentage of organisations that feel that data protection laws are a barrier for trading with businesses.
Operating transparently to provide great customer service
Giving special focus to sharing our information, knowledge and insight routinely and extensively. We must do this in ways which support its reuse and through tools, products and services which provide practical outcomes as well as advice.
To demonstrate whether this has been achieved effectively we have set the following measures:
- reduction in the number of avoidable or unnecessary contacts;
- increased agreement that our codes and guidance are being used and followed and are making a difference;
- increased number of stakeholders report that they got the information they needed from the ICO quickly and clearly; and
- reduction in number of avoidable advice calls and written enquiries from members of the public and businesses.
Improving regulatory certainty
Allowing our expectations to be understood, our actions to be predicted and our advice relied on. We do this to clearly prevent serious harm and reduce the cost of compliance. For instance, we will not tolerate organisations who are using people’s information to exploit them or expose them to harm, and we will not take action against organisations who share data to safeguard vulnerable people. Regulatory certainty does not mean we will provide certainty about every aspect of the law in every individual case.
To demonstrate whether this has been achieved effectively we have set the following measures:
- increased confidence that stakeholders understand our likely regulatory position on a range of issues;
- increased agreement that the ICO is clear about what the law requires;
- reduction in the percentage of businesses who said they spent a disproportionate amount of time working out the requirements of the UK data protection law; and
- increase in the percentage of businesses who said they found ICO guidance to be clear and easy to understand.
Maximising the technical capability of our people and systems
Transforming our workforce capability, realising the full benefits of digital tools and our data assets to increase our impact from the resources we invest. We must approach all that we do in ways which improve productivity, efficiency and the value we offer for the tax payers and fee payers who fund our work.
To demonstrate whether this has been achieved effectively we have set the following measures:
- increased confidence from stakeholders that we understand and anticipate developments in the external environment;
- reduction in the percentage of businesses who said data protection had prevented the implementation of a new or improved product, business model or product;
- overall financial year-end outturn is within +/-3% of income;
- increased staff engagement; and
- increase in the percentage of organisations who have heard of the ICO and know what it is.