The ICO has launched its Corporate Plan for 2016 – 2019 (the “Plan”), detailing how it intends to achieve its objectives within the next three years.

The Plan lists a number of high-level, strategic outcomes, including:

  1. organisations routinely meeting their legal obligations under information rights law and in their responses to people exercising their rights;
  2. good information rights practice being embedded into the culture and day-to-day processes of organisations and into emerging technologies and systems; and
  3. organisations being aware of the ICO’s investigatory and enforcement powers and the consequences of failing to meet the requirements of information rights law.

The ICO states within the Plan that a separate stream of work will be established relating to the implementation of the General Data Protection Regulation and that the Plan will be updated to ensure that it reflects the work to be done in the run-up to implementation.