Please also indicate what categories of data controllers, if any, you would expect to be exempt from such a requirement.
Q5.6.4. To what extent do you agree with the proposal to set out in legislation the criteria that the ICO can use to determine whether to pursue a complaint in order to provide clarity and enable the ICO to take a more risk-based and proportionate approach to complaints?
○ Strongly agree
○ Somewhat agree
○ Neither agree nor disagree
○ Somewhat disagree
○ Strongly disagree
Please explain your answer, and provide supporting evidence where possible.

5.7 Enforcement Powers

388. The ICO is responsible for monitoring and enforcing the UK data protection regime. The ICO should be a strong, effective regulator that is equipped with the powers it needs to investigate compliance with the legislation and take appropriate action, where necessary, when organisations and individuals undertake unlawful data processing.

389. When organisations are using personal data unlawfully, the ICO should have the right powers available to enforce the law and take action against the genuinely bad players. The enforcement framework set out in UK GDPR and Data Protection Act 2018 provides a robust set of tools for the ICO to achieve this. This includes a suite of enforcement tools ranging from information notices, which simply require organisations to provide specific information to the ICO, through to the ability to leverage fines up to £17.5 million, or 4% of total worldwide annual turnover, whichever is higher. The aim of the enforcement regime is to promote compliance and act in a robust and proportionate manner.

390. The table below summarises the ICO’s existing enforcement powers:

Power and Statutory basis | Scope
Monitor and enforce UK GDPR, including conducting investigations (GDPR, Art.57) | The Information Commissioner’s duties to monitor and enforce the UK GDPR and to conduct investigations.
Information Notice (Data Protection Act s.142-144) | The ICO can serve an information notice on a controller or processor to request provision of information reasonably required to help the ICO carry out its statutory functions. A notice may also be served on any other person to help investigate suspected failure to comply with a Specified Failure of the UK GDPR, Data Protection Act 2018 etc (as defined below). The