The Information Commissioner’s Office (ICO) has launched a public consultation on its draft statutory guidance on how it will regulate and enforce data protection legislation in the UK.
The document sets out a risk based approach to taking regulatory action against organisations and individuals that have breached the provisions of data protection law, with a focus on the areas of highest risk and most harm and the principles applied in exercising the powers.
It explains the ICO’s powers, when it will use them and how it calculates fines, and seeks to provide assurance to business that it will use its powers proportionately and consistently.
Information Commissioner Elizabeth Denham said: “The primary role of my office is to protect the rights and freedoms of individuals in the digital age, and this draft guidance explains how my office will achieve this.
“It sets out our proportionate approach to regulatory action, yet details the robust action we will take against those that flout the law”.
The statutory guidance is a requirement of the Data Protection Act 2018 and sits alongside the regulatory action policy (RAP), which details how the ICO regulates the other pieces of legislation it covers. The RAP is currently under review.
The consultation will remain open until 12 November.
Image from iStock, abluecup