The head of the British organisation responsible for enforcing data security gave businesses a clear sense of direction about changing official attitudes to personal data acquisition. Elizabeth Denham, who was a world-renowned data security expert prior to being appointed in 2016, shared four key principles in the ICO’s direction of travel:
1) “Thinking that GDPR is about crippling financial punishment misses the point. GDPR is about enhanced rights for individuals!
2) The new data protection reforms can be summarised in three main areas – transparency, control and accountability. The new law requires you to be transparent and tell people what you will do with their data. You then have to stick to what you said. Finally, and this is the strengthened part of the law, you should be prepared to account to your customers and the regulator for what you have done.
3) We [the ICO] fully accept that cyberattacks are a criminal act. But we also believe you need to take steps to protect yourself against the criminals. Businesses will need to be able to show reporting structures, risk assessments and mitigation measures, who is responsible for what within the business, and these records need to be up-to-date and accurate and comprehensive. They need to be available for the ICO if an incident occurs.
4) What is absolutely clear is that cyber security and data protection go ‘hand in hand’. In today’s interconnected world, privacy depends on cyber security.”
This is a hurried transcript of Elizabeth Denham’s comments this morning, and we apologise if any of the transcription is in error!