22
Apr 2020
ICO Publishes Update on Enforcement Approach During Coronavirus
The Information Commissioner’s Office has recently published guidance on how it intends to approach enforcement in the coming months due to the coronavirus crisis.
The ICO has stated it will take into account the current exceptional circumstances and that it intends to take a pragmatic and empathetic approach to regulation during this public health crisis whilst still focusing on the “greatest threats”.
Elizabeth Denham, the Information Commissioner, states that “Regulators apply their authority within the larger social and economic situation. We see the organisations facing staff and capacity shortages. We see the public bodies facing severe front-line pressures. And we see the many businesses facing acute financial pressures. Against this backdrop, it is right that we must adjust our regulatory approach”.
The ICO will assist frontline organisations in providing advice and guidance on data protection laws and will take firm action against those looking to exploit the public health emergency through nuisance calls or by misusing personal information.
This guidance makes it clear that businesses should continue to report personal data breaches to the ICO within 72 hours of becoming aware of the breach. In light of the fact that many organisations now have large numbers of individuals working at home it is key that all managers and employees are aware of the need to still comply with data protection requirements.
Subject Access Requests should still be responded to but the ICO recognises “that the reduction in organisations’ resources could impact their ability to respond to Subject Access Requests, where they need to prioritise other work due to the current crisis. We (the ICO) can take this into account when considering whether to impose any formal enforcement action”.
Whilst this is a welcome statement from the ICO, businesses should still be aware that the data protection obligations on everyone within an organisation are still applicable and, given the unique circumstances we are all working under such as entire businesses working from home, it is important your data protection systems are adapted and flexible enough to ensure compliance during these testing times.
Should you require any data protection advice please do contact our experienced regulatory team at nicholasworsnop@chadlaw.co.uk or nilso@chadlaw.co.uk.
- Like this ? Share with friends