The onus is now on businesses and organisations to change their ethos on data protection and the incoming EU General Data Protection Regulation (GDPR), which goes live on 25 May 2018, is a “game-changer.”
The GDPR builds on previous legislation but offers more privacy for consumers.
The biggest change will be around accountability, said Denham, who leads the Information Commissioner's Office. She was speaking at the ICAEW IT Faculty lecture in London last night. She added that her home country of Canada has led the way in this regard.
“It can no longer be a box-ticking exercise. Organisations have to build a culture of accountability on data protection.” Denham added that it will be especially important for SMEs to prepare.
The fact that the UK is heading for an EU exit will not make any significant difference to GDPR in the short term, she said. Regardless, Brexit won’t have happened in 2018, so home grown organisations will still need to implement the regulation’s provisions.
In addition the government has said there not be a “cliff edge” on regulation. In 2019/20 it will, however, be up for debate in Parliament, said Denham.