Elizabeth Denham ICO
Elizabeth Denham ICO

Despite being completely unknown to most people, Elizabeth Denham is arguably one of the most powerful women in the country.

She holds the top job at the Information Commissioner's office (ICO). As Information Commissioner, she is responsible for overseeing the smooth implementation of GDPR which comes into effect today.

Since her appointment in July 2016 she has issued the ICO's largest fines, including a high-profile penalty of £400,000, handed out to Carphone Warehouse for an incompetent data breach of customer data and bank details.

She has also been at the forefront of the ongoing Facebook data scandal, having announced that she will be investigating over 30 companies in her investigation into the extent of data misuse at the company.

In the past year she has been ramping up the pressure on companies that persist in breaking anti-spam and data protection rules. Figures released by The SMS Works for January reveal that it was a record month for fines.

As well as the highest number of fines given in any month, the total in monetary penalties she issued in January reached a new high of £1.7 million. For context, a total of £4.9 million was raised in the whole of 2017.

Previous roles

Denham, a native Canadian, had a well-established career in the field before landing the £140,000 per annum top ICO job. She held the equivalent position of Information and Privacy Commissioner for British Columbia for six years up to 2016 and the assistant role for three years before that.

Her early career was spent at the University of British Columbia. As a career civil servant, perhaps commercial experience is the only area missing from her CV. In 2013 when she received the Queen Elizabeth II Diamond Jubilee Medal for her service as an Officer of the Legislature of British Columbia, Canada.

Shortly after she joined the ICO, she was recognised as being one of the three most influential people in data-driven business at the annual Data IQ 100 list, along with a visiting professorship at University College London.

This was topped off in 2018 with her being named as the most influential person in data-driven business in the updated DataIQ 100 list. 

Her approach

Denham demonstrates a determination to make sure that GDPR is a success, ensuring companies and organisations that hold and process customer data understand their responsibilities. Commenting on what she expected 2018 to be like for the data and analytics industry, she said:

“The GDPR requires us to prepare for a once-in-a-generation change where organisations need to put people at the centre of data processing.”

She's also sent a strong message that the May 25th deadline is fixed in stone, by emphatically stating,

“...there will be no ‘grace' period – there has been two years to prepare and we will be regulating from this date.”

Public persona

While perhaps not the most high profile leader, Denham is an accomplished presenter and interviewee. Whether she's giving a high-profile interview for Channel 4 news or speaking at large events, she gives a measured and professional performance.

She chooses her responses with care and precision

In all her media appearances, what comes across loud and clear is that she is 100 percent behind the consumer and her dogged approach to the Facebook data scandal demonstrates that she won't tolerate misuse of consumer information in any way.

Striking a balance

There's a sensitive balance that Denham has to find between robustly defending the rights of the consumer and not being perceived as anti-business or trying to stifle normal customer communications.

GDPR regulations are complex and there's a danger that the business community reacts negatively to the burden of the additional work needed to comply. 

Her GDPR myth busting series of blogs goes a long way to clarifying some of the more outlandish rumours that have been swirling around.

Despite Denham's reassurances, questions remain about how stringently the new rules will be interpreted and enforced.

In response to rumours that massive fines would result from the rules being broken, she said: “It's scaremongering to suggest that they will be making early examples of organisations for minor infringements or that maximum fines will become the norm. The ICO is committed to guiding, advising and educating organisations about how to comply with the law under the GDPR.”

What isn't clear however is whether we'll see a large rise in the number of fines being issued or what level of rule breaking, would attract a fine.

Her post GDPR challenge

Her next big test will come when the first spam or data breaches are reported. Her reaction will set the tone for her whole department.  She'll need to draw on all her experience and skills to make sure that the messages her department communicate are clear and consistent.

Contributed by Henry Cazalet, director of SMS gateway provider, The SMS Works