No GDPR Grace Period Says the UK ICO

Steve Wood, the Information Commissioner’s Office Head of International Strategy & Intelligence, has quashed any suggestions of a soft start to GDPR at the IAPP’s Data Protection Intensive in London.

“You will not hear talk of grace periods from people at the ICO. That’s not part of our regulatory strategy.”

He explained that the ICO intends to focus on risk and will be happy to work with organisations if any areas seem unclear, but there will be no grace period.

Consent and Transparency

Wood outlined that the ICO’s main concerns will be transparency, control and accountability, as well as the issue of consent. “Data protection authorities across Europe will be asking penetrating questions about records of consent and will be looking very much at how organisations got the record, who has consented, when they consented, what they were told, as well as mechanisms for withdrawing.”

Accountability and Data Protection Audits

On the accountability front, Wood suggested organisations will thrive when and if accountability is embedded organisation-wide and a range of stakeholders take responsibility for different parts of the process.

Offering clear advice for the event of an audit, he said: “If we come knocking on the door, if we investigate or conduct an audit in an organisation, the best way you can demonstrate to us that we won’t need to delve deeper and you’ve got covered all the compliance issues is to have a comprehensive accountability program, and to be able to take us through the different steps you’ve taken to address compliance issues.”

It’s Now Time to Invest

Wood concluded by offering some sage advice: “The key thing to do is invest now and convince people in your organisation why data protection is important for trust.”

The Challenge - Wizuda Case Studies

The board of a multinational medical device organisation required a secure, cloud-based solution which facilitated virtual board member collaboration on key documents in preparation for monthly board meetings.

The documentation was regularly of a highly commercially sensitive nature, largely relating to ongoing clinical trials, and as such demanded a secure and encrypted platform which could be implemented without the engagement of internal IT resources.

Key challenges that need to be considered:

  • Geographically dispersed stakeholders
  • Highly commercially sensitive documentation
  • No internal IT involvement
  • Multiple stakeholders required to collaborate on single documents

The Solution - Wizuda Case Studies

Wizuda MFT gave them a centralised view of all their file transfer activities and a network overview of the data flows. IT now had instantly available reporting and could provide geographic maps and network overviews of all file transfer activities in the organisation to senior management. These could also be categorised in ways that made sense for the business from a priorities perspective. Wizuda’s unique ‘Health Check’ dashboard, with automated monitoring and alerts, allowed them to manage all transfer operations proactively and ensured they were always on top of any issues.

From a GDPR compliance perspective, transfers could be linked to Data Protection Impact Assessments where required, and data could be anonymised as part of the transfer process. Wizuda MFT enabled them to apply the latest security protocols for file transfers and encrypt data at rest and in transit. Passing cyber-security and GDPR compliance audits became a lot easier.

About Wizuda

Developing IT Solutions to Make Businesses Better

At Wizuda we focus on developing IT solutions which help businesses grow and empower people to collaborate and stay connected securely and compliantly. Specialists in secure data transfer since 2001, all development and support operations are carried out from our two Irish offices located in Dublin (Wizuda Headquarters) and Limerick. We pride ourselves on developing software solutions that allow organisations to take back control of their file transfer and data sharing operations, enabling them to operate efficiently, securely and compliantly.
