By Jocelyn S Paulley

There is no indication that the ICO intends to shift its way of working away from promoting good practice and working with organisations to achieve compliance to instead focusing on proactively pursuing breaches or looking for organisations to fine. Whilst the ICO is towing the party line that fines must be “punitive and dissuasive”, the regulator’s ambition is to improve compliance to ensure better protection of data and adherence to the privacy principles, rather than being a regulator whose primary purpose is to enforce and issue fines.

As well as enforcement, the ICO proactively focuses on various market sectors each year, both from a compliance perspective, but also to produce guidance and enhance the ICO’s own market knowledge and keep ahead of change.