As information commissioner, she is responsible for overseeing the smooth implementation of GDPR which comes into effect in just over a month. But what do we know about her?
Since her appointment in July 2016 she has issued the ICO’s largest fines, including a high-profile penalty of £400,000, handed out to Carphone Warehouse for an incompetent data breach of customer data and bank details.
She has also been at the forefront of the Facebook data scandal, having recently announced that she will include over 30 companies in her investigation to gauge the extent of data misuse at the company.
In the past year the information commissioner has been ramping up the pressure on companies that persist in breaking anti-spam and data protection rules. Figures released by The SMS Works for January reveal that it was a record month for fines.
As well as the highest number of fines given in any month, the total in monetary penalties she issued in January reached a high of £1.7 million. For context, a total of £4.9 million was raised in the whole of 2017.
Denham, a native Canadian, had a well-established career in the field before landing the £140,000 per annum job. She held the equivalent position of information and privacy commissioner for British Columbia for six years up to 2016 and the assistant role for three years before that.
Her early career was spent at the University of British Columbia. As a career civil servant, perhaps commercial experience is the only area missing from her CV. In 2013, she also received the Queen Elizabeth II Diamond Jubilee Medal for her service as an officer of the legislature of British Columbia, Canada.
Shortly after joining the ICO, Denham was recognised as being one of the three most influential people in data-driven business at the annual Data IQ 100 list, along with a visiting professorship at University College London. This was topped off in 2018 with her being named as the most influential person in data-driven business in the updated DataIQ 100 list.
Denham demonstrates a determination to make GDPR a success, ensuring bosses that hold and process customer data understand their responsibilities.
Commenting on what she expected 2018 to be like for the data and analytics industry, she said: “GDPR requires us to prepare for a once-in-a-generation change where organisations need to put people at the centre of data processing.”
She also sent a strong message that the 25 May deadline is fixed in stone, by emphatically stating “there will be no ‘grace’ period – there has been two years to prepare and we will be regulating from this date.”
While perhaps not the most charismatic leader, Denham is an accomplished presenter and interviewee. Whether she’s giving a high-profile interview for Channel 4 news or speaking at large events, the information commissioner gives a measured and professional performance. She chooses her responses with care and precision.
In all her media appearances, what comes across loud and clear is that she is 100% behind the consumer and her dogged approach to the Facebook data scandal demonstrates that she won’t tolerate misuse of consumer information in any way.
Striking a balance
There’s a sensitive balance that Denham has to find between defending the rights of the consumer and not being perceived as anti-business or trying to stifle normal customer communications. GDPR regulations are complex and there’s a danger that the business community reacts negatively to the burden of the additional work needed to comply.
Her GDPR myth busting series of blogs goes a long way to clarifying some of the more outlandish rumours that have been swirling around. Despite Denham’s reassurances, questions remain about how stringently the new rules will be interpreted and enforced.
In response to rumours that massive fines would result from the rules being broken, she said: “It’s scaremongering to suggest that they will be making early examples of organisations for minor infringements or that maximum fines will become the norm. The ICO is committed to guiding, advising and educating organisations about how to comply with the law under the GDPR.”
What isn’t clear is whether we’ll see a large rise in the number of fines being issued or what level of rule breaking, would attract a fine.
Her post GDPR challenge
Her next big test will come shortly after GDPR comes into effect on 25 May, when the first spam or data breaches are reported. Her reaction will set the tone for her whole department. She’ll need to draw on all her experience and skills to make sure that the messages her department communicate are clear and consistent.
Profile by Henry Cazalet, director of SMS gateway provider, The SMS Works