Businesses across the UK are coming to terms with the General Data Protection Regulations that come into force on the 25 May 2018 and with The Data Protection Bill has only been announced this week,there is a constant barrage of information in the media outling the changes and new responsibilities. As is always the case many are detailing the usual scare stories of the huge fines that businesses can face for non-compliance and the restrictions that will be placed on business.
The Information Commissioner, Elizabeth Denham, has today published a statement that addresses some of the rumours that are surrounding the implementation of GDPR in the UK. She takes the opportunity to remind us that the new laws are designed to lead to greater transparency, increased accountability and enhanced rights of citizens regarding their privacy and the use of their personal data and not about raising income from large fines on business.
The ICO believes that the way to achieve the objectives of GDPR is to provide the information and support to companies in order to help them comply with the new laws, the focus being on engagement rather than enforcement.
Certainly the focus that is being given to the fines in the media is of concerned to the ICO who is concerned that the correct message is perhaps being lost.
Elizabeth Denham stated;
It’s true we’ll have the power to impose fines much bigger than the £500,000 limit the DPA allows us. It’s also true that companies are fearful of the maximum £17 million or 4% of turnover allowed under the new law.
But it’s scaremongering to suggest that we’ll be making early examples of organisations for minor infringements or that maximum fines will become the norm.
but went onto stress that;
But we intend to use those powers proportionately and judiciously.
And while fines may be the sledgehammer in our toolbox, we have access to lots of other tools that are well-suited to the task at hand and just as effective.
The full statement from the ICO may be found here.