UK data watchdog calls for tougher investigatory powers under GDPR
ICO chief warns current audit powers are being "outpaced" by advances in data analytics

The UK's Information Commissioner has called for stronger powers to be introduced to make it easier for regulators to investigate data breaches within the confines of new European data protection laws.
ICO chief Elizabeth Denham warned that the powers to audit companies suspected of mishandling data under GDPR law is "being outpaced by technological advances in data analytics".
She added that the recent Cambridge Analytica scandal demonstrated the need for a more "streamlined" approach to investigations, and powers that allow the ICO to act far sooner than it has been able to.
Under GDPR, Denham said she will be able to "look behind the curtain" and see who has our personal data and how they're using it. However, the ICO needs to be able to act on this information.
ICO fines firm £300,000 for 8.7 million nuisance calls General Data Protection Regulation (GDPR) Cambridge Analytica: US Congress probes data firm set up by ex-Cambridge Analytica employee
Speaking at the IAPP Europe Data Protection Intensive 2018, Denham said the ICO was working with the government to negotiate the introduction of such powers, and that it would also be making changes internally to help improve the regulator's effectiveness.
In March, the ICO's Demand for Access to the London Cambridge Analytica headquarters was delayed by three days because the court adjourned the hearing. Allegedly, this was because Cambridge Analytica's legal counsel was not available, however, during the adjournment, boxes were seen being removed from the headquarters in the days prior to the ICO's seven-hour search.
Denham made it clear that though the ICO wants to respect companies' rights, it needs a warrant process with a "lower threshold".
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"We need the regime to reflect the reality that data crimes are real crimes," Denham said. "As society moves increasingly online, data protection law needs to have the comprehensive reach people would expect of laws in the physical world."
In order to achieve this comprehensive reach, the ICO expects to recruit around 200 more employees by 2020, and has set up a telephone base so that callers can easily report breaches to real people. Parliament has also agreed to an increased budget from 28 million to 35 million for 2018/19.
"My aim is to prevent harm, and to place support and compliance at the heart of our regulatory action," Denham said. "Voluntary compliance is the preferred route."
The ICO will enforce GDPR with heavy fines and audits, however, if companies "persistently, deliberately or negligently" refuse to comply.
Read Elizabeth Denham's full speech here.
Image: Shutterstock
-
AI coding tools are booming – and developers in this one country are by far the most frequent users
News AI coding tools are soaring in popularity worldwide, but developers in one particular country are among the most frequent users.
-
Cisco warns of critical flaw in Unified Communications Manager – so you better patch now
News While the bug doesn't appear to have been exploited in the wild, Cisco customers are advised to move fast to apply a patch
-
Cyber attacks have rocked UK retailers – here's how you can stay safe
News Following recent attacks on retailers, the NCSC urges other firms to make sure they don't fall victim too
-
ICO admits it's too slow dealing with complaints – so it's eying up automation to cut staff workloads
News The UK's data protection authority has apologized for being slow to respond to data protection complaints, saying it's been overwhelmed by increased workloads.
-
“Limited resources” scupper ICO probe into EasyJet breach
News The decision to drop the probe has been described as “deeply concerning” by security practitioners
-
Surge in workplace monitoring prompts new ICO guidelines on employee privacy
News Detailed guidance on how to implement workplace monitoring could prevent data protection blunders
-
TikTok could be hit with £27m fine for failing to protect children's privacy
News Social media firm issued with a notice from the ICO for potential violations of UK data protection laws
-
What is AdTech and why is it at the heart of a regulation storm?
In-depth The UK data regulator has come under heavy fire for consistently delaying much-needed action, privacy groups say
-
ICO crackdown on AI recruitment part of three-year vision to save businesses £100 million
News ICO25 outlines a fresh approach that involves releasing learning materials, advice, and a new ICO-moderated discussion forum for businesses
-
Clearview AI fined £7.5m over improper use of UK data
News Australian facial recognition firm collected 20 billion images from the internet without consent in order to build its database