ICO’s puts its foot back on the gas after a pause for Covid-191st October 2020
The ICO updated its regulatory approach in April 2020, when we were in the full force of the initial shock and repercussion of the pandemic. They updated it again in July 2020 to adapt to this ever-developing challenge. These updates pertained to more leniency.
However it is a balancing act for the ICO. As an independent regulator their role is to act in the public interest, so as Elizabeth Denham, the Information Commissioner, explains, their approach has always been to be ‘pragmatic and proportionate’.
They need to balance the strains on companies, caused by the ongoing coronavirus pandemic, against people’s information rights.
This latest update to their approach is another step towards returning to pre-Covid levels of expected compliance, albeit still with some caveats.
The ICO states categorically that they will ‘focus their efforts on the most serious risk and greatest threats to the public’.
If you need any help interpreting what this means for you and your organisation, you are welcome to >>book a complimentary 30 minute zoom consultation<< with one of our data protection specialists.
What you need to know from the latest open letter from the ICO:-
- The ICO will take firm action against those looking to exploit the public health emergency through misuse of personal data.
- The ICO will be flexible in their approach, taking into account the burden on the individual organisation.
- The ICO will continue to develop further regulatory measures aimed at supporting economic growth and recovery.
- Where organisations have a backlog of complaints, the ICO expects them to have ‘robust recovery plans in place to ensure they reduce these backlogs within a reasonable timeframe’.
- Personal data breaches must be reported to the ICO within 72 hours of the organisation becoming aware of the breach.
- In deciding whether to take formal regulatory action, the ICO will ‘consider whether the organisation’s non-compliance results from the coronavirus pandemic’.
- The level of fines might be reduced, dependent upon circumstances.
- The ICO ‘expects organisations to appreciate the ongoing importance of proper record keeping during a period that will be subject to future public scrutiny’.
Overall, what the letter is saying is that whilst they will still be fair to organisations, they won’t allow the pandemic to be used as an excuse for poor performance as far as complying to data protection legislation is concerned. Although the ICO have a balancing act to do, this letter is a shot across the bows of organisations. You can’t blame non-compliance on Covid-19 unless you have a genuine reason to do so.
If you need some help at this confusing time, or if you don’t have the in-house resources you need, please do get in touch. Book a no-obligation, complimentary Zoom consultation and one our data protection specialists will be delighted to help.
Call: +44 (0)1673 88 55 33
Email: [email protected]