A Considered Cooperation Approach Is Vital in ICO Data Protection Audits

The U.K. Information Commissioner’s Office’s (ICO) power to conduct data protection audits has been compared to “dawn raid” powers under other regimes. If the ICO finds wrongdoing during one of these audits, it has a suite of enforcement powers. In a guest article, Orrick partners Keily Blair and James Lloyd, and trainee Lara Nonninger suggest that, despite these powers, companies may be “over-complying” and should consider the nature and extent of their cooperation with the ICO. They also discuss the ICO’s enforcement power and how to prepare for a data protection audit. See “ICO Enforcement Takeaways After Marriott and British Airways” (Oct. 23, 2019).

To read the full article

Continue reading your article with a CSLR subscription.