The Information Commissioner’s Office (ICO), the UK’s regulatory body for all things ‘data protection’, is currently running a public consultation on its draft Statutory guidance. Once finalised and approved, the guidance would govern how, and on what reasoning, the ICO may take regulatory action against organisations that do not comply with the Data Protection Act 2018.
The draft Statutory guidance details how the ICO will exercise its regulatory functions when issuing a wide range of sanctions from information notices to penalty notices and fines. This will be published with the aim of keeping the public and data controllers informed as to how the ICO’s enforcement arm operates.
Key elements of the draft Statutory guidance include:
- How it will uphold information rights for individuals in the digital age;
- When and how it will take regulatory action against organisations, and its reasoning for doing so;
- What action it can take if it does not receive a response from an organisation that has been sent an ICO notice;
- What types of personal data the ICO can request access to when investigating;
- How it will handle ‘special category’ personal data (i.e. very sensitive data such as health and medical records) and privileged data when investigating or considering taking regulatory action;
- How and why it will conduct interviews and assessments with an organisation’s members of staff and personnel;
- What steps it will take to determine the level of fine it intends to impose on an organisation.
Members of the public and data controllers may provide their responses to the ICO’s survey
The draft Statutory guidance can be found here:
The consultation closes at 5pm on 12 November 2020.