The guidance is required by the Data Protection Act 2018 and sets out the ICO’s approach to regulating and enforcing data protection legislation.
The Information Commissioner's Office has launched a public consultation on its draft Statutory guidance, which details how it will regulate and enforce data protection legislation in the UK. The guidance is required by the Data Protection Act 2018. The document aims to support the ICO’s primary responsibility of ensuring compliance with the law, and explains the ICO’s powers, when it will use them and how it calculates fines. It sets out the ICO's risk-based approach to taking regulatory action against organisations and individuals that have breached the provisions of data protection law, its focus on the areas of highest risk and most harm, and the principles it applies in exercising its powers.
The draft guidance aims to ensure that the rights and freedoms of individuals are protected, and to assure business that the ICO will use its powers proportionately and consistently. The ICO says:
"the ICO’s approach is designed to help create an environment within which data subjects are protected, while ensuring business is able to operate and innovate efficiently in the digital age. We will be as robust as we need to in upholding the law, whilst ensuring that commercial enterprise is not constrained by red tape or concern that sanctions will be used disproportionately."
The guidance sits alongside the Regulatory action policy, which sets out how the ICO regulates the other pieces of legislation it covers. The Regulatory action policy is currently under review. The data protection guidance will be published after the Brexit transition period ends, so it has been drafted accordingly.
The guidance seeks to:
By issuing the guidance, the ICO says that it is:
The consultation ends on 12 November 2020.