“Change is coming but progress is optional” was the stark, but very accurate, message delivered by Information Commissioner Elizabeth Denham when she addressed the Direct Marketing Association’s Data Protection 2018 event in late February.

Ms Denham began by praising firms for the work they had done to prepare for the introduction of the General Data Protection Regulation (GDPR) in May 2018. The Commissioner commented:

“As 25 May gallops towards us, I sense a more settled mood. I think that’s because the changes in the last year have been significant. Organisations – your organisations – are well underway with GDPR preparations and the new law should now seem less daunting. Some organisations are beginning to embrace the GDPR. Seeing it for the opportunities it presents rather than the perceived barriers it throws up.”

Next, Ms Denham referred to the vast library of guidance published by the GDPR and reminded smaller firms that they could call a dedicated helpline at the Information Commissioner’s Office (ICO) when they required assistance to GDPR queries.

The Commissioner made reference to the changing world of data protection in the next section of her speech:

“Change is coming. It is inevitable. Progress, however, is optional.

“So, I’m looking around the room and wondering where you’re at. This time last year – whether you were in this room, following the conference on Twitter or just getting on with your day job – do you feel you’ve moved on? Has your mindset shifted?

“We at the ICO have certainly changed. And we’re progressing.

“My office is working in a new age of data protection. This government and others around the world fully recognise that personal data is the fuel that powers so much of what makes our economy, our home life, our public services function.”

Ms Denham highlighted that GDPR is not the only data protection change on the horizon, and referred specifically to the NIS directive, which will impose new reporting rules for organisations that suffer a cyberattack, and the e-privacy regulation, which will set out a series of new rules for direct marketing via phone, text and email. One option being considered under the e-privacy regulation is a default option for all consumer marketing to require opt-in from the recipient.

Ms Denham also devoted a significant chunk of her speech to encouraging firms to treat customers fairly when it comes to data protection, in addition to ensuring that they comply with the letter of the law. On this subject, she commented:

“Data is vital in the modern world. It matters to organisations and it should matter to the people that own it. And that’s not you, by the way. Or anyone else. Personal data is just that – personal.

“The new individuals’ rights set out in the GDPR reflect that truth. And my own priorities as set out in my Information Rights Strategic Plan reflect that too. Goal 1 – increase public trust and confidence in the way personal data is handled.

“That’s why people are at the heart of everything that we do. I know they are at the heart of what you do too.

“The GDPR gives people new rights. In total, there are eight individual rights and, together, they give people choices about how their data is used, shared and stored.

“But if people don’t know they have these rights, how will they exercise them? And if they remain uninformed, will companies play fast and loose with the law, knowing they are unlikely to be tested?”

The information shown in this article was correct at the time of publication. Articles are not routinely reviewed and as such are not updated. Please be aware the facts, circumstances or legal position may change after publication of the article.