ICO Consults on Regulatory Action Policy

May 3, 2018

The ICO has launched a consultation to gather the views of
stakeholders and the public on the way it plans to regulate new data protection

Comments on the draft Regulatory Action Policy are sought
by 28 June.

The Policy takes account of enhanced powers set out in the Data
Protection Bill currently going through Parliament. Proposed new powers include
no-notice inspections, compelling people and organisations to hand over
information and making it a criminal offence to destroy, falsify or conceal

The Policy also covers all 11 pieces of legislation for which the
ICO is responsible, including the Freedom of Information Act and the Privacy
and Electronic Communications Regulations, which cover nuisance calls, texts
and emails.

The ICO states that it reinforces their commitment to a
proportionate and risk-based approach to enforcement.

James Dipple-Johnstone, Deputy Information Commissioner, said:

‘Our approach is designed to
protect people’s information but also ensure that business is able to function
and innovate in the digital age.

We’ll target our most
significant powers on repeated, wilful or serious failures to take proper steps
to protect personal data and deliver information rights. Our formal regulatory
will serve as an important deterrent where it needs to.’

The revised Policy will be subject to Parliamentary consideration
and final approval.