Good morning everyone. I hope you're enjoying the conference. It's certainly great to be back again – if only virtually. I am currently in Wilmslow with my team preparing for an unexpected parliamentary appearance. It's complex, it's critical, and I need to give it my full attention, but I am definitely with you in spirit.

It's the third year that the ICO has spoken at this event, and I rather feel that we've become a fixture. When I addressed you last year, I was speaking about the many changes that have happened since Christopher Graham, my predecessor, spoke to you the year before that. So I now find myself looking back again: what's changed since I spoke to you last year?

There are still challenges, yes, but even as the 25th of May gallops towards us I do sense a more settled mood, and I think that's because the changes in the last year have been significant. Organizations, your organizations, are well underway with the GDPR preparations, and the new law should seem a little less daunting. Some organizations are beginning to even embrace the GDPR, seeing it for the opportunities that it presents rather than the perceived barriers that it throws up. Our "I love the GDPR" campaign that we ran on Valentine's Day to mark a hundred days until the GDPR demonstrated that data protection reforms are now being supported where once they were resisted.

The ICO has played our part. My series of myth-busting blogs set the record straight on issues such as consent and fines. We published our Guide to the GDPR to start building up a library of guidance that is authoritative, accurate and accessible. That guidance is coming out thick and fast, or at least it feels that way to us. And we've of course recognized that organizations with 250 staff or fewer face particular problems in understanding their obligations under the new law, so targeted resources, including sector-specific FAQs and a dedicated helpline, are our answer to that call. 1,500 calls, to be exact, every week and rising. We will continue to help.

We'll soon publish an overview – kind of a roadmap – of the data protection bill in response to feedback that the bill is complex and confusing, and next month we'll be publishing tools aimed at micro businesses – organizations that employ fewer than ten people – who we know are feeling overwhelmed by the task in front of them.

What will be of most interest to all of you in this room is our work with the DMA to help produce a direct marketing guide. We have provided input and provided feedback into sections on accountability and essentials of the GDPR, and we're going to continue to work with the DMA. And of course our own direct marketing code of practice is still in the pipeline.

Change is coming. It's inevitable. Progress, however, is optional.

So I'm looking around the room and I'm wondering where you were at this time last year. Whether you were in the room, following the conference on Twitter, or just getting on with your day job, do you feel like you've moved on? Has your mindset shifted? We at the ICO have certainly changed, and we're progressing.

My office is working in a new age of data protection. This government and others around the world fully recognized that personal data is the fuel that powers so much of what makes our economy, what makes our home life and our public services function. The UK is already a leader in this space, and it's one of the things that attracted me to this job, and this year the government has made it crystal clear its intention that we retain our world-class status and that the UK is the safest place to be online.

I speak in the main about the GDPR, but that's just part of the picture. The data protection bill brings the GDPR into UK law, and it tackles some of the details over which we have discretion. And Brexit, of course: my office is fully engaged with government and with others about proper protection for customers, about certainty for businesses, and the need for strong independent oversight of the law. But that's not all. You have to add in the Law Enforcement Directive, which sets out how we'll tackle crime across borders, and the NIS Directive, which sets out reporting rules for organisations that suffer a cyber attack, and of course the one you'll all be waiting for, the ePrivacy Regulation, which sets out the rules for direct marketing via phone, text and email.

Detail of the ePrivacy Regulation is still being debated, but a default for all customer marketing to be opt-in is in the current draft. Until the ePrivacy Regulation comes into force, then PECR will sit alongside the GDPR. That means electronic marketing will require consent.

Yes, there is the potential to use legitimate interests as a legal basis for processing in some circumstances, but you must be able to be confident that you can rely on it. It seems to me that there's a lot of energy and effort being spent on trying to find a way to avoid consent. That energy and effort would be much better spent establishing informed, active, unambiguous consent. I've heard some say that means you'll lose customers, but I say you'll have a better engagement with them, you'll be better able to direct more targeted marketing to them, and you'll have complete confidence that your customers have given informed consent.

In total, my office regulates around a dozen pieces of legislation. That's quite a challenge for the regulator. It's a challenge I accept. I'm strengthening my team in both number and expertise, and we're moving the ICO to a place where we can deliver our new responsibilities, our obligations to organizations and, most importantly, the public. A bit more on that later.

Just last month the Treasury provided my office with pay flexibility for the next three years, and this is an essential upgrade which should allow the ICO to attract and retain the brightest and the best, and it will enable me to retain expert staff and attract new technologists, new lawyers and auditors. By the way, we're hiring. And we've launched an active secondment programme which has brought an influx of new talent into my office, often paid by sponsoring organisations. We're just getting busier, and the momentum is quickening.

We're expecting more of everything: more complaints as people become better informed of their rights, more breach reports because the law mandates it, and greater engagement as organisations turn to us for advice. You'll know by now that while I'm never afraid to use the stick in the cupboard, I do prefer the carrot. Education, engagement, encouragement: they all come before enforcement. And I said many times that we are a pragmatic regulator and that hefty fines will be reserved for those who willfully or persistently flout the law.

This is a good time to walk you through the principles of our new regulatory action policy. The policy sets out how we envision discharging our regulatory powers as the range and the strength of those powers escalates. We'll be presenting it in full at our annual Data Protection Practitioners Conference on the 9th of April, but I can let you in and talk about a few of the headlines.

Our policy emphasises, of course, the ICO's commitment to lead implementation and oversight of the GDPR and other data protection reforms. It sets out our commitment to exploring innovative and technologically agile ways of protecting privacy, strengthening transparency and accountability to protect the public in a digital world. The policy sets out our approach to help create a regulatory environment where data subjects are protected and businesses are able to operate and innovate efficiently in a digital age. So these two must go hand-in-hand: privacy and innovation. Support, education and guidance is at the heart of our regulation, but it's backed up by tough action where obligations are not met or ignored.

We will consider each case on its own merit, as you would expect, but generally the more serious, high impact, deliberate, willful or repeated breaches can expect the most robust response. We'll also reserve our strongest sanctions for breaches involving novel technological approaches that present a high degree of intrusion into people's privacy. There's an international element, of course. Data knows no borders, and liaising with other data protection regulators around the world, sharing information to help investigations, is key. And we'll continue to work with other regulators and agencies: the National Cyber Security Centre, the National Crime Agency, sector and consumer regulators, to name a few. So this is our policy, but it's not set in stone. We will continue to work with others and keep it under review to ensure continued effectiveness.

So enough about us. What about you? Well, I know a little bit more about you than you might think. The ICO has forged a strong relationship with the DMA, and it has brought your concerns and comments direct to my door.

The DMA plays an important role in driving good practice with marketers. It's influential and well-connected. In the last year I have had the privilege of meeting with Mark Runucus, board chair, but I've also had several productive meetings with Chris Combemale and John Mitchison. Many of you will have engaged with my staff individually or through like the British Retail Consortium or the Internet Advertising Bureau. Our links to you through the DMA give me special insight into what is actually keeping you up at night: consent versus legitimate interest, as I've already mentioned. I know you're concerned about legacy data, profiling. And into what you're prioritising: upgrading your privacy policies, getting breach reporting in place.

So it really heartens me that the data protection reforms are very much on your mind, because that means that you care. Maybe what you care most about is bottom line compliance with the law, but I hope and I believe that you also care about the public, about treating your customers fairly, being transparent and ultimately earning their trust and confidence. Because the way that personal data can be used to improve, to ease and to enrich our lives is truly a wonder. Data is vital in the modern world.

It matters to organisations, and it should matter to the people that own it. And that's not you, by the way, or anyone else. Personal data is just that: personal. The new individuals' rights set out in the GDPR reflect that truth, and my own priorities as set out in my Information Rights Strategic Plan reflect that too. Goal number one: increase public trust and confidence in the way that personal data is handled. That's why people are at the heart of everything that we do, and I know they're at the heart of what you do too.

The GDPR gives people new rights. In total there are eight individual rights, and together they people choices about how their data is used, how it's shared and how it's stored. But if people don't know they have these rights, how are they going to exercise them? And if they remain uninformed, will companies play fast and loose with the law, knowing that they're unlikely to be tested?

Like us, I suspect other EU regulators are concentrating on ensuring that organisations are prepared, but the ICO has not forgotten the public. If you consider that each person has a data relationship with around a hundred organisations, you can imagine the sheer volume of educational material that they could be drowning under. And those businesses and organisations are duplicating effort because they're taking the same issues of awareness and understanding. There is an alternative, and that's for UK organisations, public and private alike, to take a collaborative approach and work together with the ICO to develop baseline educational messages about data protection reform for UK citizens, messages that will help raise awareness but also increase trust in a data-driven world.

And we have done just that. In October last year I wrote to a number of organisations to invite participation and support in taking a collaborative approach, and I'm delighted to report that the response was extremely positive and work has been progressing at pace, with true cross sector participation, to get messages and materials prepared that you can refer to or you can use directly in your own communication activities. Rachel Aldighieri, Managing Director here at the DMA, and Fedelma Good from PwC are keenly involved in this initiative, and they are going to join Robert Parker, my Head of Communications, on a panel later this morning to explain all of this in more detail. I hope that you'll be inspired to jump on the bandwagon.

So I've spoken a lot about change, progress, growth, how we all need to do things differently to meet the requirements of data protection reforms, but that you have to take the people with you. This is change. This is change for the good. Thank you and have a very good conference.