The ICO’s recent enforcement guidelines and press release, of 25 May 2011, continue the DCMS’s themes of flexibility in options for compliance, and also reinforced the ICO’s previous messages that these new rules, whilst they may be slow to come fully into operation and enforcement, cannot be ignored. The ICO’s statements confirm that its current risk based, proportionate enforcement approach will continue to be applied for the revised regulations, and make clear that a 12 moth lead in period will be applied (ending in May 2012) during which the ICO will refrain from using its enforcement powers in order to allow businesses to work on their compliance plans. Whilst it was generally expected that such a lead in period would be applied, given the virtual impossibility of complying with the new regulations immediately, this statement from the ICO sets a useful time frame for businesses to start getting their technical functionality in line.
Click here for picture
Note: For additional information on the implementation of these rules, see our prior post on the topic.