Information Commissioner calls for organisations to begin preparations around EU data protection reforms

Information Commissioner Christopher Graham

Information Commissioner Christopher Graham

Information Commissioner Christopher Graham has called upon organisations to begin their preparations for the forthcoming EU data protection reforms.

Speaking at the ICO’s annual Data Protection Practitioners’ Conference held in Manchester, Graham highlighted how maximum fines as high as 20 million Euros for breaches of the new EU General Data Protection Regulation mean that organisations cannot afford to “get data protection wrong”.

Graham stated: “People have never been so aware of what their personal data is, and never cared so much about how it’s used. The law is changing to reflect that.”

The Information Commissioner continued: “The EU’s data protection reforms promise to be the biggest shake-up for consumers’ data protection rights for three decades. Organisations simply cannot afford to fall behind. We know data protection officers understand this, and we know they sometimes find their views ignored in the Boardroom. The new law gives directors 20 million reasons to start listening.”

The EU’s General Data Protection Regulation is four years in the making. Agreement on the new rules was reached last December, and work is now ongoing around translation and legal accuracy. Final political sign-off is expected in the summer, followed by a two-year transition period before the regulation becomes law across the EU (including replacing the EU Directive upon which the UK’s Data Protection Act 1998 is based).

Guidance work to be done

As the regulator, the ICO’s role is not just about enforcement and fines. There’s a significant amount of work to be done in guiding organisations who want to make sure they’re following the new rules, and getting it right from the start. With that in mind, the ICO is publishing a guide setting out how organisations can begin their preparations for the changes.

Launched at the Manchester conference, the 12-step guide will explain that many of the new laws’ concepts and principles are the same as those currently in UK law, but new elements and significant enhancements mean organisations will have to do some things differently.

The ICO’s Data Protection Practitioners’ Conference brought together over 800 delegates attending from a variety of different sectors. As well as key speakers, the event included workshops on a range of data protection topics, from handling subject access requests through to CCTV.

BSIA’s Information Destruction Section offers expert advice

The British Security Industry Association’s (BSIA) Information Destruction Section exhibited at the Data Protection Practitioners’ Conference.

Adam Chandler

Adam Chandler

Running alongside the busy seminar programme was an information market where organisations involved in activities that are relevant to the Data Protection Act could exhibit. The BSIA’s Information Destruction Section had expert representatives on hand throughout the day to provide advice and guidance on secure data destruction.

Adam Chandler, chairman of the BSIA’s Information Destruction Section, explained: “Under the Seventh Principle of the Data Protection Act, a business must take appropriate measures against accidental loss, destruction or damage to personal data and against unauthorised or unlawful processing of that data. To fully comply with the Act, a data handler must have a written contract with a company capable of handling confidential waste, which can provide a guarantee that all aspects of collection and destruction are carried out in a secure and compliant manner. To ensure this, suppliers should comply with the European Standard BS EN 15713:2009 for security shredding and also BS 7858 for staff vetting.”

*For further information about the BSIA’s Information Destruction Section visit:

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts