Attending the ICO Data Protection Practitioner’s Conference in Manchester on Monday it felt good to be surrounded by other people who live, eat and breathe data protection. It also felt good to get close to those at the Information Commissioner’s Office and hear what they had to say about the changing world of data protection legislation in Europe – the General Data Protection Regulation (“GDPR”) will be published in July this year with a 2 year implementation period. The ICO has created a website dedicated to its publication, providing advice for organisations on how they should get ready for the GDPR – see Data Protection Reform in Europe. Case law in the meantime continues to develop data protection concepts and the theory is that the EU Data Protection Charter will be the basis for the judgements from the EU Court of Justice and the ECHR.

Cyber security and the increasing threat of breaches was also on the agenda and breach management is an important responsibility for all organisations but will become even more so under the GDPR with obligatory breach reporting for data controllers becoming part of the new regulatory framework.

I attended the digital platforms and privacy notices seminar which only briefly touched on alternative privacy notice and consent methods using non-traditional means. Suggestions like the use of video (Youtube clip style) or icons which would provide high level information but enable a click through to the detail sounded great. It would be even better if the ICO would take a lead on this and recommend icons which could be universally adopted enabling individuals to start giving consent in an environment where they recognised what was being asked and what their rights were. Even better would be a national consent data base which organisations could access to process an individual’s personal data.