UK data watchdog calls for tougher investigatory powers under GDPR

ICO chief warns current audit powers are being "outpaced" by advances in data analytics

The UK's Information Commissioner has called for stronger powers to be introduced to make it easier for regulators to investigate data breaches within the confines of new European data protection laws.

ICO chief Elizabeth Denham warned that the powers to audit companies suspected of mishandling data under GDPR law is "being outpaced by technological advances in data analytics".

She added that the recent Cambridge Analytica scandal demonstrated the need for a more "streamlined" approach to investigations, and powers that allow the ICO to act far sooner than it has been able to.

Under GDPR, Denham said she will be able to "look behind the curtain" and see who has our personal data and how they're using it. However, the ICO needs to be able to act on this information.

Speaking at the IAPP Europe Data Protection Intensive 2018, Denham said the ICO was working with the government to negotiate the introduction of such powers, and that it would also be making changes internally to help improve the regulator's effectiveness.

Advertisement
Advertisement - Article continues below

In March, the ICO's Demand for Access to the London Cambridge Analytica headquarters was delayed by three days because the court adjourned the hearing. Allegedly, this was because Cambridge Analytica's legal counsel was not available, however, during the adjournment, boxes were seen being removed from the headquarters in the days prior to the ICO's seven-hour search.

Denham made it clear that though the ICO wants to respect companies' rights, it needs a warrant process with a "lower threshold".

"We need the regime to reflect the reality that data crimes are real crimes," Denham said. "As society moves increasingly online, data protection law needs to have the comprehensive reach people would expect of laws in the physical world."

In order to achieve this comprehensive reach, the ICO expects to recruit around 200 more employees by 2020, and has set up a telephone base so that callers can easily report breaches to real people. Parliament has also agreed to an increased budget from 28 million to 35 million for 2018/19.

"My aim is to prevent harm, and to place support and compliance at the heart of our regulatory action," Denham said. "Voluntary compliance is the preferred route."

The ICO will enforce GDPR with heavy fines and audits, however, if companies "persistently, deliberately or negligently" refuse to comply.

Read Elizabeth Denham's full speech here.

Image: Shutterstock

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019