Context
The Information Commissioner’s Office (ICO) has launched a public consultation on its draft Statutory Guidance, which details how it will regulate and enforce data protection legislation in the UK.
The draft Statutory Guidance is a requirement of the Data Protection Act 2018. It explains the ICO’s powers, when it will use them and how it calculates fines. It is designed to ensure that the rights and freedoms of individuals are protected and to give businesses assurance that the ICO will use its powers proportionately and consistently.
This document sits alongside the Regulatory Action Policy (RAP), which details how the ICO regulates the other pieces of legislation it covers. The RAP is currently under review.
Key points to note
The document sets out the way in which the ICO will approach its regulatory activity. This includes:
- conducting assessments of compliance with the DPA 2018 and GDPR (referred to as the ‘data protection law’);
- issuing information notices under the DPA 2018, requiring individuals, data controllers or processors to provide information; an ‘urgent’ information notice may require that information on not less than 24 hours’ notice;
- applying for a court order requiring compliance with the information notice issued under the DPA 2018, if the recipient does not provide a full and timely response;
- issuing assessment notices under DPA 2018;
- issuing ‘urgent’ assessment notices under the DPA 2018, requiring data controllers or processors to allow the ICO to undertake an assessment of whether they are compliant with data protection law, on not less than seven days’ notice;
- issuing no-notice (or short notice) assessment notices under the DPA 2018, allowing the ICO to undertake an assessment on less than seven days’ notice, where the ICO has reasonable grounds to suspect that the data controller or processor:
  - has failed or is failing to comply with certain provisions of the data protection legislation (set out in section 149(2) DPA 2018); or
  - has committed or is committing an offence under the DPA 2018;
- issuing enforcement notices requiring specific actions by an individual or organisation to resolve breaches, including breaches of applicable information rights obligations. An ‘urgent’ enforcement notice under the DPA may be used to require action to resolve breaches or potential breaches of the data protection law, on not less than 24 hours’ notice;
- administering fines by penalty notices in the circumstances set out in section 155 of the DPA 2018;
- administering fixed penalties for failing to meet specific obligations (such as a failure to pay the relevant fee to the ICO); and
- prosecuting criminal offences before the courts.
Next Steps
The consultation will remain open until 5pm on Thursday 12 November 2020 and feedback can be provided online via this link: https://wh.snapsurveys.com/s.asp?k=160017233253