The UK Information Commissioner’s Office (ICO) is strategically focusing on the “fairness” requirement under the GDPR – says U.K. Information Commissioner Elizabeth Denham.
The focus is unfair, invisible processing. This includes big tech, data brokers, credit reference agencies and adtech, specifically looking at transparency and fairness, as well as the legal basis for consent.
Regarding Brexit, she said that if there is a hard Brexit and the ICO becomes a third country, companies who commit a trans-border breach could face, instead of a one-stop shop under the GDPR, a two-stop shop.
“You could have to address two different sanctions for the same cross-border breach”.
Since GDPR came into force, the Irish Data Protection Commission has been hit with 6,000 complaints lodged. The majority of those complaints have been resolved says Irish Data Protection Commissioner Helen Dixon.
Currently, the Irish DPC is conducting 18 large-scale investigations, of its own volition, on tech companies and expects to bring “first-draft decisions” to the European Data Protection Board this summer.