With one week to go before the General Data Protection Regulation (GDPR) kicks in, Henry Cazalet, director of SMS gateway provider, The SMS Works, profiles the lady tasked with enforcing it in the UK, Information Commissioner, Elizabeth Denham.
Elizabeth Denham is undoubtedly one of the most powerful women in the country. She holds the top job at the Information Commissioner’s office (ICO). As Information Commissioner, she is responsible for overseeing the smooth implementation of GDPR which comes into effect one week today.
Since her appointment in July 2016 she has issued the ICO’s largest fines, including a high-profile penalty of £400,000, handed out to Carphone Warehouse for an incompetent data breach of customer data and bank details.
She has also been at the forefront of the ongoing Facebook data scandal, having recently announced that she will be investigating over 30 companies in her investigation into the extent of data misuse at the company.
In the past year she has been ramping up the pressure on companies that persist in breaking anti-spam and data protection rules. Our own figures reveal that January 2018 was a record month for fines. As well as the highest number of fines given in any month, the total in monetary penalties she issued in January reached a new high of £1.7m. For context, a total of £4.9m was raised in the whole of 2017. She’s clearly a person who’s taking her role seriously and has a firm hand on the tiller of the ICO.
Denham enjoyed a distinguished career before landing the £140,000 per annum top ICO job, having been the Information and Privacy Commissioner for British Columbia, Canada and Assistant Privacy Commissioner of Canada. In 2011, she received praise for her ground-breaking work in the field of access and privacy, receiving honorary alumni status from the University of British Colombia. Further honours came in 2013 when she received the Queen Elizabeth II Diamond Jubilee Medal for her service as an Officer of the Legislature of British Columbia, Canada.
Shortly after she joined the ICO, she was recognised as being one of the three most influential people in data-driven business at the annual Data IQ 100 list, along with a visiting professorship at University College London. This was topped off in 2018 with her being named as the most influential person in data-driven business in the updated DataIQ 100 list.
Denham demonstrates a steely, no-nonsense determination to make sure that GDPR is a success, ensuring companies and organisations that hold and process customer data understand their responsibilities.
Commenting on what she expected 2018 to be like for the data and analytics industry, she said: “The GDPR requires us to prepare for a once-in-a-generation change where organisations need to put people at the centre of data processing.”
She’s also sent a strong message that the 25 May deadline is fixed in stone, by emphatically stating: “...there will be no ‘grace’ period – there has been two years to prepare and we will be regulating from this date.”
Denham is a very accomplished and polished presenter and interviewee. Whether she’s giving a high-profile interview for Channel 4 news or speaking at large events, she always gives a very measured and professional performance, choosing her responses with care and precision.
In all her media appearances, what comes across loud and clear is that she is 100 per cent behind the consumer and her dogged approach to the Facebook data scandal demonstrates that she won’t tolerate misuse of consumer information in any way.
Striking a balance
There’s a sensitive balance that Denham has to find between robustly defending the rights of the consumer and not being perceived as anti-business or trying to stifle normal customer communications. GDPR regulations are complex and there’s a danger that the business community reacts negatively to the burden of the additional work needed to comply. Her GDPR myth busting series of blogs goes a long way to clarifying some of the more outlandish rumours that have been swirling around.
Despite Denham’s reassurances, questions remain about how stringently the new rules will be interpreted and enforced. In response to rumours that massive fines would result from the rules being broken, she said: “It's scaremongering to suggest that they will be making early examples of organisations for minor infringements or that maximum fines will become the norm. The ICO is committed to guiding, advising and educating organisations about how to comply with the law under the GDPR.”
What isn’t clear however is whether we’ll see a large rise in the number of fines being issued or what level of rule breaking would attract a fine.
A safe pair of hands
Despite these uncertainties, Denham is clearly running a tight ship at the ICO and she’s demonstrated that she’s exactly the sort of leader that we need fighting the consumer’s corner and all things data related.
Her next big test will come shortly after GDPR comes into effect next Friday, when the first spam or data breaches are reported. Her reaction will set the tone for her whole department. She’ll need to draw on all her experience and skills to make sure that the messages her department communicate are clear and consistent. If her performance to date is anything to go by, she’ll handle the pressure with ease.