Accountability the Next Step in Data Protection
The UK’s Information Commissioner stressed in a speech on Monday that nearly one year into GDPR, the regulation is at a critical stage.
There have been tremendous strides in data protection since the implementation of the General Data Protection Regulation last May but there's still plenty more to be done from an accountability perspective, according to the UK's Information Commissioner.
Elizabeth Denham, Britain’s Information Commissioner since 2016, reflected on the GDPR, data protection achievements and challenges in a keynote speech at the Data Protection Practitioners' Conference in Manchester on Monday, and stressed that she hasn't seen data protection, as a culture, shift from compliance to accountability.
“I think even so early in the new law’s lifespan, we’re finding ourselves at a critical stage,” Denham said, “For me, the crucial, crucial change the law brought was around accountability. Accountability encapsulates everything the GDPR is about.”
Because of this deficiency, Denham told the crowd she thinks there's a real opportunity for data protection professionals to bridge that gap and "have a real impact on that cultural fabric of [their] organization, beyond bolt on compliance work.”
In Denham's eyes, the next wave of GDPR needs to look past compliance and zero in on comprehensive data protection, a concept that embeds what the Commissioner calls sound data governance into business processes.
The Commissioner gave three examples of data protection professionals who are going above and beyond in the industry and satisfying this rationale.
The shortlist includes legal experts who double as business analysts and can comprehend how data protection fits with the vision of the organization, “where it can be imperative, positive and transformative,” professionals who coach and have built a network of ambassadors within the business that understand what needs to be done, along with marketers, who have mastered ways to "get people to look up from their day jobs and realize they all need to buy-in."
While not a new concept, it's the second time in the last several weeks that Denham has harped on the theme of accountability - one of the seven key principles of GDPR - as it relates to data protection.
In South Africa, at a speech at the International Conference of Information Commissioners (ICIC) last month, Denham said the ICO as a group is committed to the advancement of transparency, accountability, and democracy, acknowledging the themes unite everyone and are the basis for collaboration and combating challenges.
The concept of accountability essentially requires organizations to take responsibility for what they do with personal data. The concept, per the EU's Data Protection Supervisor, requires orgs to put in place the appropriate technical and organizational measures to be able to demonstrate what they did and its effectiveness when requested.