Two weeks ago, as I departed on holiday, the ICO launched a new code of practice, {‘Privacy notices, transparency and control’: https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control/}. I did not pay it much attention because I was too busy looking at a leaning tower which made the Eastham mansion look perpendicular (it ain’t) and a five-year ceiling painting job which made my recent DIY look efficient.
But looking at it now, it becomes clear that the ICO has produced a guide that is as relevant to the GDPR as it is to the Data Protection Act. It is true that there is a separate GDPR section of additional information but this is not couched in a ‘you never know, you might not have to bother’ tone. It is clear that the ICO has swallowed the pill and accepted that the GDPR is coming – and remarkably soon. They are not hiding that approach but I still think it is best not to tell Liam Fox and David Davis.
Let’s all give thanks for that approach and raise a glass to the ICO – it is not often we do that. You might like to read the {new Code: https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control/} while you are at it. It is full of good solid advice.
As Jo Pedder, ICO Head of Policy Delivery, said:
‘Transparency is crucial to trust in big data, Internet of Things and development of the digital economy. Organisations need to do more to explain to consumers what they’re doing with their information and why. It’s important to remember that reputation can be easily lost when people discover you haven’t been completely honest about how you are using their information.’