Earlier this year the UK government advertised for the appointment of a new Information Commissioner, a role currently filled by Elizabeth Denham who was appointed in July 2017. During her tenure, Elizabeth Denham has overseen the changes in regulation and enforcement introduced by GDPR, which has reinforced the ability for more severe penalties to be imposed for data breaches, as well as dealing with the challenges of dealing with data issues arising through the negotiations for the UK’s withdrawal from the European Union, and latterly the Covid 19 pandemic.
The new Information Commissioner will take over at a time when Data Protection law is once again in a state of change, with the implications of Brexit still being worked through. One major issue at the moment is whether the UK will reach agreement with the EU to maintain “adequacy” status. If this is maintained, transfers of data between the EU and UK may continue with relatively few curbs. The UK government hopes that it will possible to agree this with the EU on the basis that their respective legislative regimes will maintain “equivalence”. This will allow the government some flexibility in its trade negotiations with other countries, than if a closer legal tie is required. If an “adequacy” agreement is not achieved, additional barriers will arise to trade and it is likely that additional costs will have to be borne by exporters on both sides of the Channel.
A further important aspect in relation to the international data transfers which remains to be resolved by both the EU and the UK are the arrangements relating to transfers of data to the US, following the Schrems II decision of the European Court of Justice, which invalidated the EU:US privacy shield arrangements.
Elizabeth Denham’s term was initially due to end in July 2021, but she has agreed to remain in the post until October, while recruitment of her successor takes place and we anticipate that the name of her successor will be announced soon.