By Max Salsbury
The Information Commissioner’s Office (ICO) has decided to step things up as we count down to General Data Protection Regulation (GDPR) day (25 May 2018, the day before my birthday).
The Information Commissioner herself, Elizabeth Denham, has begun a series of blogs to separate the ‘fact from the fiction’ surrounding the EU’s vast data protection shakeup.
The ICO thinks there’s a ‘lot of misinformation’ floating about (or ‘fake news’ as we all call it now) concerning such things as its new fining powers, which apparently fake news types are claiming represent the biggest threat to organisations from the GDPR.
Commissioner Denham’s not having any of that. She writes: ‘This law is not about fines. It’s about putting the consumer and citizen first. We can’t lose sight of that. Focusing on big fines makes for great headlines, but thinking that GDPR is about crippling financial punishment misses the point.’
Which is reassuring but doesn’t deny or change the fact that the ICO will soon have powers to impose MASSIVE fines beyond its wildest dreams (up to £17m or 4% of a company’s global turnover).
Another myth the ICO thinks needs a busting is ‘you must have consent if you want to process personal data’.
To which Commissioner Denham writes: ‘Consent under the current data protection law has always required a clear, affirmative action – the GDPR clarifies that pre-ticked opt-in boxes are not indications of valid consent. The GDPR is also explicit that you’ve got to make it easy for people to exercise their right to withdraw consent. The requirement for clear and plain language when explaining consent is now strongly emphasised. And you’ve got to make sure the consent you’ve already got meets the standards of the GDPR. If not, you’ll have to refresh it.’
So, hopefully that’s made things a lot clearer. You can read all about the latest myths here, and the ICO has promised to bust apart some more GDPR fake newsy nonsense next week.