Are regulators ready for GDPR?

We keep hearing the question ‘are companies ready for GDPR?’ But an equally pertinent question may relate to whether regulators themselves are ready.

Reuters has been asking that very question. And of 24 national regulators who responded to the Reuters survey, 17 said that they did not have the appropriate level of funding to enable them to police the regulations or indeed have the necessary powers.

The UK’s Information Commissioner’s Office (ICO) was among the regulators that did not participate in the survey.

Reuters quoted Isabelle Falque-Pierrotin, president of France’s CNIL data privacy watchdog, as saying “We’ve realised that our resources were insufficient to cope with the new missions given by the GDPR.”

The General Data Protection Regulation (GDPR) is coming into force on May 25th. But according to Reuters, many governments have not yet updated their laws to apply enforcement measures for GDPR issues.

The UK Data Protection Bill is still in the process of going through the UK parliamentary system. It’s already 300 pages thick, but is expected to expand further.

Recent amendments to the bill will make it illegal to destroy or falsify data related to a breach that the ICO would use in its investigation.

The ICO now employs 400 staff. It says that they handle “more than 16,000 data protection complaints, 5,000 freedom of information complaints and over 200,000 calls to the helpline.” It also administrates over 400,000 entries on the Register of Data Controllers.

But once GDPR is introduced and the first fines are announced, it may see a rush of enquiries.

It will not receive an income from fines that are imposed – this would, after-all, involve conflict of interest.

It does, however, draw the lion’s share of its income from charges to organisations.

Micro organisations with a turnover of less than £632,000 or no more than ten employees, pay £40 a year. Organisations with a turnover over £632,000 but less than £36 million and employ no more than 250 people pay £60, and large organisations pay £2,900.

The ICO’s budget last year (to April 2017) was £20.8 million.

European Data Protection Summit will take place on June 3rd in Central London and will play host to 800 DPO’s, Security Professionals and senior business decision makers looking for; information, updates, clarity, advice and solutions. For more information, visit the website.