It is “extremely likely” the European General Data Protection Regulation (GDPR) will be live before the UK leaves the EU and firms wanting to do business with the bloc thereafter will have to follow some form of it, the new ICO has confirmed.
In her first public speech at the Personal Information Economy (PIE) 2016 conference in London, Elizabeth Denham explained that the data protection watchdog is here to help companies comply with the new regulations, which are enforceable from 25 May 2018.
She argued that whether the UK updates its own data protection laws or decides to stick with GDPR following Brexit, “personal information will need to flow.”
“It is fundamental to the digital economy. In a global economy we need consistency of law and standards – the GDPR is a strong law, and once we are out of Europe, we will still need to be deemed adequate or essentially equivalent,” Denham added.
“For those of you who are not lawyers out there, this means there would be a legal basis for data to flow between Europe and the UK.”
She urged firms to embrace the coming European regulations as an opportunity to “improve your practices,” “sharpen things up,” and “look at things afresh.”
Also during the speech, the new UK privacy regulator revealed plans to turn the ICO into a more tech-savvy organization.
“We are building on our own capacity for technology by analysing more, researching more, and embedding technology into the future of the ICO. We are also seeking partnerships with universities and we aim to support research into privacy by design solutions,” Denham explained
“I am creating a new position of chief technology advisor to help with this, and extending the technology team by hiring new talent.”
She will certainly have her work cut out over the next five years. Already, the ICO has been forced to step in to ask Yahoo about the eight million UK accounts said to have been compromised in the recently disclosed breach at the internet pioneer.
The regulator is also reviewing current data sharing practices between WhatsApp and other Facebook companies.
With limited resources, it will be down to Denham to choose her investigations carefully – and she’s already promised to go after those with the “largest impact on the privacy rights of individuals.”