Peter Brown, group manager (technology policy) at the Information Commissioner’s Office (ICO), will be speaking about data protection principles in the context of cyber security at the first Public Cyber Security conference on 7 December. Brown spoke to reporter Hannah Crouch about how the ICO plans on governing the General Data Protection Regulation (GDPR) in the UK and why data protection laws needed updating.
Brown joined the ICO in 2015 and is part of a team of specialists responsible for the development and delivery of technical and information security expertise.
GDPR enforcement
The ICO is in charge of governing organisations which collect, use and keep individual’s information.
Therefore when GDPR comes into force on 25 May it will be ensuring such companies stick to the rules and handing out fines, which can reach up to £8.8 million (10 million Euros), to those that do not.
Brown will be joined at the cyber event’s Policy and Skills workshop by Gabriel Voisin from Bird and Bird LLP’s international privacy and data protection branch.
Voisin told Digital Health News that it would interesting to hear from Brown about how the ICO plans on enforcing GDPR.
In response Brown said he could not say with ‘absolute certainty’ how the ICO’s enforcement powers under GDPR will function in practice, as the issue is currently being debated in parliament as part of the Data Protection Bill.
However, he did say GDPR whilst seen as a huge change, is more of an evolution than a revolution – and one that will put the ICO in a much more prominent position in respect of cybersecurity.
Benefits of GDPR
GDPR is being introduced in a bid to encourage transparency and heavily fine those organisations which breach data regulations.
“It is about putting people back in control of their data,” Brown said.
When asked whether he feels enough organisations will be ready for the 25 May deadline, Brown said the majority will already have the correct structure in place.
“This is an opportunity to do things properly,” he said.
“Organisations that already do that will be in a better position.”
Modern data protection laws
Bringing data protection laws into the modern age was ‘very much the purpose’ of GDPR according to Brown.
GDPR will replace the Data Protection Act which was introduced in 1998.
“The digital world has changed, more data is being processed now than in the mid-nineties,” Brown said.
“The Data Protection Act has stood the test of time very well but there is that need for change.
“There has been an daily explosion of data and the law has to keep up to ensure people have trust and confidence in the digital economy.”
You can catch Brown between 11.55am and 12.40pm at the ICC Birmingham.
The Public Cyber Security conference is free to attend for public sector information security, IT and IG professionals.
17 December 2017 @ 10:29
I think you will find that GDPR fines are up to € 20 million or 4% of global turnover, whichever is the greater.