Denham, a native Canadian, had a well-established career in the field before landing the £140,000 per annum top ICO job. She held the equivalent position of Information and Privacy Commissioner for British Columbia for six years up to 2016 and the assistant role for three years before that.
“The GDPR requires us to prepare for a once-in-a-generation change where organisations need to put people at the centre of data processing.”
“...there will be no ‘grace' period – there has been two years to prepare and we will be regulating from this date.”
While perhaps not the most high profile leader, Denham is an accomplished presenter and interviewee. Whether she's giving a high-profile interview for Channel 4 news or speaking at large events, she gives a measured and professional performance.
She chooses her responses with care and precision
In all her media appearances, what comes across loud and clear is that she is 100 percent behind the consumer and her dogged approach to the Facebook data scandal demonstrates that she won't tolerate misuse of consumer information in any way.
Striking a balance
There's a sensitive balance that Denham has to find between robustly defending the rights of the consumer and not being perceived as anti-business or trying to stifle normal customer communications.
GDPR regulations are complex and there's a danger that the business community reacts negatively to the burden of the additional work needed to comply.
Her GDPR myth busting series of blogs goes a long way to clarifying some of the more outlandish rumours that have been swirling around.
Despite Denham's reassurances, questions remain about how stringently the new rules will be interpreted and enforced.
In response to rumours that massive fines would result from the rules being broken, she said: “It's scaremongering to suggest that they will be making early examples of organisations for minor infringements or that maximum fines will become the norm. The ICO is committed to guiding, advising and educating organisations about how to comply with the law under the GDPR.”
What isn't clear however is whether we'll see a large rise in the number of fines being issued or what level of rule breaking, would attract a fine.
Her post GDPR challenge
Her next big test will come when the first spam or data breaches are reported. Her reaction will set the tone for her whole department. She'll need to draw on all her experience and skills to make sure that the messages her department communicate are clear and consistent.