The Government has answered calls for a huge expansion of the Information Commissioner’s Office following fears the regulator will collapse under the extra burden it faces from the new EU data laws, and has sanctioned the recruitment of 200 additional staff over the next three years.
The move follows a long-term battle for increased funding for the regulator, initiated by former Commissioner Christopher Graham as far back as 2013. He claimed the changes would create a £42.8m black hole in the ICO’s finances.
Under GDPR, the ICO faces a double whammy of a greater workload, costing an estimated £26.3m, combined with the demise of the notification fee payable by all those who process personal information, which brings in £15m a year.
The major hiring spree, which will boost the ICO’s headcount to over 700, was revealed by Graham’s successor, Elizabeth Denham, to the House of Lords EU Home Affairs Sub-Committee in its latest hearing on the new EU data protection package.
The bulk of ICO staff – which includes lawyers, investigators, former police officers, policy analysts and advisors – is based at the ICO office in Wilmslow, Cheshire, but the ICO also runs offices in Northern Ireland, Scotland, Wales and London.
Denham conceded that the recruitment process will not be easy, however, especially as the ICO is competing for people with specialist skills against public bodies and private sector organisations with much bigger budgets.
“Commercial entities can pay more money than government,” she said. “We need to be strategic in terms of our offering because we will never be able to match the salaries, but we can offer other benefits such as flexible working.”
The most pressing needs are in relation to the GDPR, she said, especially in terms of increased duties and educating people about the implications of the regulation.
“Education is probably the most important function of the ICO, especially when you have a new regulation coming in that will be directly applicable on 25 May 2018 because the UK will still be in the EU. This is a once in a generation change in the law, and we are the primary educators for data controllers on what their new responsibilities are, and to the public on what their new rights will be.”
Denham said the ICO has assessed its technical, staffing and physical space needs and presented the business case to government.
“The Government has done a lot of work on this in partnership with the ICO and we have a new fee structure that needs to be approved by Parliament, and hopefully this will be done before the notification fee falls away in 2018,” she said.
Cancer Research UK aims to be GDPR compliant by July
Dogs Trust signs deal to secure GDPR compliance
Ten crucial steps to tackle GDPR compliance anxiety
Final data countdown: 16 months to save your business
Read it and weep: ICO offers latest GDPR guidance
Consumers back GDPR to make their data safer
7,000 data protection officers needed for UK firms
EU data reforms: the top 5 issues for marketers
ICO faces £43m funding black hole