The following transcript comes from an interview with Elizabeth Denham on Radio 4’s Today Programme on the 25th May 2018 and contains some key points about how the new GDPR regulations apply to businesses.
“…Today is not a deadline, what we are looking for is a commitment to move forward with their new obligations we are not looking for perfection and it is nonsense to think that the Regulator, the ICO, is going to make early examples of small businesses by levying large fines.
…There is not a grace period under the law, the law has been on the Statute Books for 2 years and is in force and enforceable as of today. We have lots of tools on our web site , we are working with small businesses. Our focus of the enforcement is not going to be on the High Street butcher’s shop or the gardening business and many of these organisations that are not data intensive are not going to be effected by this new law.
…We are going to be focusing on businesses that are deliberately persistently or negligently misuse data and that is going to be our focus. That is what people expect us to do.
…We do not have thousands of inspectors going out and checking people’s homework. What we do have are millions of people that have new rites and they can take a complaint against a company to our office.
…It relies on both individuals bringing their complaints against companies and public bodies they deal with to our office but we also have pro- active steps that we can take, we are monitoring the environment, we are watching some of the big players, certainly the big tech companies and when we see the misuse of date then we can take action. That is what we did with Cambridge Analitica, Facebook . That was not a complaint, we went forward and investigated that.
…We do have in the GDPR certain types of codes of conduct and certification schemes and that is the next piece of work that we are going to do. We are looking at Certification.
…Small businesses should not panic, there is lots of help and if we should have a complaint and there was a data breach and a company came to us, we would first look if they were on their compliance journey, that they were aware of what they needed to do, that they had safeguards in place to protect leakage of personal information. There are some important things that companies should to take care of this important asset that is personal data…”
Elizabeth Denham is the UK Information Commissioner at the Information Commissioner’s Office in Cheshire.