The ICO recently published its Information Rights Strategic Plan for 2017 – 2021 (the ‘Plan’). Within it, the ICO Commissioner, Elizabeth Denham, asserts that we are on the “edge of a new frontier,” and that the data protection landscape is about to be reshaped by the “game changing” General Data Protection Regulation (the ‘GDPR’). Noting the significant changes for organisations, the public and regulators, the Commissioner sets the key aim of ensuring that data protection regulators stay relevant. According to the Commissioner’s opening statement, this entails increasing the public’s trust in government, public bodies and the private sector in terms of not only transparency, but also their involvement in the digital economy and digital public services.
The Plan specifies five clear goals:
- Increase the public’s trust and confidence in how data is used and made available;
- Improve standards of information rights practice through clear, inspiring and targeted engagement and influence;
- Maintain and develop influence within the global information rights regulatory community;
- Stay relevant, provide excellent public service and keep abreast of evolving technology; and
- Enforce the laws the ICO helps to shape and oversee
The Plan also emphasises the ICO’s commitment to achieving the aforementioned goals by: (i) exploring innovative and technologically agile ways to protect privacy; (ii) leading the implementation of the GDPR and other data protection reforms; (iii) strengthening transparency and accountability by promoting good information governance; and (iv) protecting the public in a digital world.
The highest priorities for the ICO for the first two years of this five-year plan will be preparing business processes and guidance for the GDPR, the Law Enforcement Directive and the ePrivacy Regulation, in order to avoid the ICO’s biggest risk: not being prepared in time.
The Plan is ambitious; it requires a cultural shift not only within organisations that process data, but for the public as a whole. The ICO has been working to prepare guidance for organisations and the public on all forthcoming data protection legislation, and we will continue to report on this as and when guidance is released. The pivotal path towards achieving this cultural shift will be ensuring that organisations and the public are aware of the new rules and how they apply.