Month: May 2017

With all the attention on GDPR and the Article 29 Working Party guidance it would have been easy this month to overlook the Digital Economy Act 2017 and its impact on the funding of the ICO.

Whilst the ICO receives an annual grant-in-aid from the Department for Culture, Media and Sport it also funds itself through the current legal notification obligation and fee payment by data controllers under the Data Protection Act 1998. GDPR removes the notification requirement as it increases responsibility for data processors and takes a wider view at the overall processing function irrespective of which party is actually doing the processing. The Digital Economy Act 2017 includes a provision prospectively repealing the notification and fee obligation and states”the secretary of State may by regulations require data controllers to pay charges of an amount specific in the regulations to the Information Commissioner.”

The ICO may now be confident of its future, but can data controllers also be confident that fining under GDPR will not be the sole source of funding for the UK regulator and that a similar approach to fining  by the ICO will continue in the new post GDPR world? Only time will tell – watch this space for more.

With the GDPR countdown underway it is time to get organised and having mapped your data usage think about what you need to do to be GDPR compliant by 25 May 2018 (or as close as possible to that date). For those organisations in the UK, there is the added complication of Brexit less than a year later and no certainty whether our national data protection legislation will be deemed adequate and what status the ICO will have on the European data protection stage. Exciting times ahead for all data protection lawyers and with that in mind I am taking the plunge and launching myself into a solo career. It’s early days but keep viewing to follow my progress.