UK data watchdog calls for tougher investigatory powers under GDPR
ICO chief warns current audit powers are being "outpaced" by advances in data analytics
The UK's Information Commissioner has called for stronger powers to be introduced to make it easier for regulators to investigate data breaches within the confines of new European data protection laws.
ICO chief Elizabeth Denham warned that the powers to audit companies suspected of mishandling data under GDPR law is "being outpaced by technological advances in data analytics".
She added that the recent Cambridge Analytica scandal demonstrated the need for a more "streamlined" approach to investigations, and powers that allow the ICO to act far sooner than it has been able to.
Under GDPR, Denham said she will be able to "look behind the curtain" and see who has our personal data and how they're using it. However, the ICO needs to be able to act on this information.
Speaking at the IAPP Europe Data Protection Intensive 2018, Denham said the ICO was working with the government to negotiate the introduction of such powers, and that it would also be making changes internally to help improve the regulator's effectiveness.
In March, the ICO's Demand for Access to the London Cambridge Analytica headquarters was delayed by three days because the court adjourned the hearing. Allegedly, this was because Cambridge Analytica's legal counsel was not available, however, during the adjournment, boxes were seen being removed from the headquarters in the days prior to the ICO's seven-hour search.
Denham made it clear that though the ICO wants to respect companies' rights, it needs a warrant process with a "lower threshold".
"We need the regime to reflect the reality that data crimes are real crimes," Denham said. "As society moves increasingly online, data protection law needs to have the comprehensive reach people would expect of laws in the physical world."
In order to achieve this comprehensive reach, the ICO expects to recruit around 200 more employees by 2020, and has set up a telephone base so that callers can easily report breaches to real people. Parliament has also agreed to an increased budget from 28 million to 35 million for 2018/19.
"My aim is to prevent harm, and to place support and compliance at the heart of our regulatory action," Denham said. "Voluntary compliance is the preferred route."
The ICO will enforce GDPR with heavy fines and audits, however, if companies "persistently, deliberately or negligently" refuse to comply.
Read Elizabeth Denham's full speech here.
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now