Elizabeth Denham addresses next generation of DPOs at NADPO Annual Conference 2016

This year’s National Association of Data Protection and Freedom of Information Officers (“NADPO”) Annual Conference held on 21 November 2016 had a very special guest – the new UK Information Commissioner, Elizabeth Denham.

A link to the full speech can be found here on the Information Commissioner’s Office website, but we have highlighted below the key takeaways:

  1. Understands the realities of operationalising privacy – “I understand your reality, and my office will be here to help you through this important change”.
  2. Positive change for information rights – “I have been trying to get the message out of positive change in respecting information rights”. Through her interview with the BBC about Freedom of Information, views on WhatsApp and Facebook and involvement with the review of the Digital Economy Bill there is a real emphasis on highlighting the positive changes to come in respect of information rights. Be this through the tighter monitoring of public authorities, proper information and protections for consumers’ data rights or by highlighting the checks and balances required around data sharing – the ICO’s message is simple – change is a good thing and with it comes opportunities.
  3. Passion for access rights and information rights – “I hope you’ll have felt my passion for access rights and privacy issues. This is what I do…My focus has always been on making sure the regulator is relevant, and making sure our work made a difference to the public”.
  4. No time to stand still – “I believe there is much more to do, and we need to respond to a fast changing world”.
  5. Privacy and Innovation – “the theme of my speech [to a group of digital entrepreneurs recently] was privacy and innovation, not privacy or innovation”.

The new Information Commissioner also highlighted how the ICO will be helping organisations prepare to meet the requirements of the GDPR – including:

  • Article 29 Working Party GDPR Guidance – the ICO is helping to write guidance for organisations on the key priority areas of the GDPR. We can expect the following guidance to be published:
    • End of 2016 - guidance addressing the role of the Data Protection Officer, the new right of data portability and how to identify an organisation’s main establishment and lead supervisory authority;
    • February 2017 – guidance on concept of risk and conducting a Data Protection Impact Assessment;
    • 2017 – guidance on certification – exact date to be confirmed.
  • ICO Guidance – in addition, the ICO is developing its own guidance on a number of other areas, including a revised Big Data Report to be published before the end of 2016 and guidance on consent and profiling expected in January 2017.
  • BREXIT – Elizabeth Denham emphasised that the ICO will “be at the centre of any conversations” regarding data protection laws in the midst of BREXIT.

Finally, the Information Commissioner made a few announcements about some organisational changes that are happening at the ICO – including:

  • Two Deputy Commissioners – the ICO will appoint two deputies: one to oversee policy issues and the other to oversee operations;
  • Deputy CEO – the appointment of a CEO to oversee key functions including HR and finance;
  • Chief Technology Officer – this will be a newly created role with the aim of improving technology capacity and expertise;
  • Senior Legal Counsel – this will be another newly created role to ensure there is capability there to respond to the “greater legal challenges and scrutiny of our enforcement work”.

With a new regulation on the horizon coupled with ever-changing technology, 2017 looks set to be busier than ever. But we can feel reassured that we go into 2017 safe in the knowledge that “The ICO will do its bit” and is tooling up to support the businesses of the future.

Samantha Sayers  | Solicitor – Cyber Security and Data Protection | PwC - UK
[email protected] | +44 (0)20 7213 4697

More articles by Samantha Sayers