Filter By

Show All

Connect to


Data protection 2016: Information Commissioner


In his final address to the DMA's Data protection conference before he steps down, the Information Commissioner Christopher Graham laid out the current and upcoming challenges for those working in data

Christopher Graham steps down from the post of Information Commissioner in June, "It's time to go when you find you are renewing your bus pass," he said. "At the end of June I’ll decide what to do next."

Graham has steered the data regulator through the tremendous rise in the trading and usage of consumer data. "I could see that digital was disrupting the ad industry in a good way. There is the importance of data protection as a sound platform for good things to happen," he said.


The ICO has not been static and in the last year has won more power from government.

"A thank you to DCMS - this time last year I was fretful. We could see nuisance but it wasn’t enough - we had to show distress to make a successful prosecution. Then the government changed the law and since then we have been motoring. Now we just have to show that the rules have been broken by the cowboys. It’s no longer catch us if you can.

"We are in a strengthened position to do this," he said.

Giving the example of a firm that called consumers during the middle of the night, winning a substantial fine from the ICO, the Information Commissioner explained the threats to businesses going about things the wrong way. He said, "It’s not just a question of whether that business complies with the law, but whether it has long term potential for growing a brand".


However, the ICO is currently limited to imposing a fine of £500,000. Under the GDPR, the limit is raised substantially to €20 million or 4% of global turnover, whichever is the greater.

Graham referred to the fines as "eye-watering" and said, "The sky’s the limit for enforcement. This is getting serious."

Penalties vs behaviour

"I have never been one to get off on civil monetary penalties," he said. "There is a much more powerful driver coming from consumer behaviour - what the consumer wants drives all this.

"We’ll deal with the rogues. Practitioners who want to get things right are more interested in setting good practice and sticking to it - that’s the business. You can make a quick buck but at real consequence to your reputation.

"The time, energy and money needed to rebuild consumer confidence can be as severe a punishment as any fine," he said.


Graham warned, "We used to think that digital is the new oil. It’s also the new asbestos. You have to manage those new opportunities," he said.

"I know you want us to work against the fly-by-nights who get in the way of the direct marketing business. This doesn’t mean you are home free.

"In many ways, by asserting you are doing things properly, the fall could be even greater. Don’t just talk the talk, but walk the walk," he said.

Charity fundraising

On the subject of the upheaval in the charitable sector over the summer of 2015, he said, "Who would have thought that some of our leading charities could so tarnish their own brand by going over the top and not managing what the fundraisers were doing. Consumer behaviour pulls everyone into line," he said.

He cited the steps made in the Etherington Report, but also that charities including the RNLI and more recently the British Red Cross have decided to take a much closer look at their fundraising.

"Charities need to get on the front foot before the ICO comes knocking on the door. The clever thing to do now is to get several jumps ahead of the sheriff," he said.

Steps to take now

Graham advised delegates to look at the existing legislation first, which will be a great starting-point for the GDPR.

"Get it right with PECR and the data protection act and you won’t go far wrong. There are more obligations and more process, even for me as a regulator. Your problem is complying with the rules as they are at the moment. If you work on that, you won’t go far wrong," he said.

The five Es

Graham says the ICO has a mantra - the five Es:

  • Enforcement - their primary function to enforce the legal obligations
  • Education - to help data controllers know they are behaving correctly
  • Empowerment - of citizens and consumers to assert their rights under the current law and DGPR
  • Enabling - the power of digital can deliver wonderful services in so many areas of the public or private sector
  • Engaged - with what’s going on and technological developments - watching out for what’s happening

"We are not just there as a policeman but as a guide," he said.

Privacy Shield

"We are waiting for the text on that. President Obama signed the Judicial Redress Act, to give EU citizens the right of redress over actions taken in US," he said.

In the absence of a working alternative, he reassured delegates, "We are not charging around looking to enforce against people who relied on Safe Harbour. We are working hard to make sure the new arrangements coming in to place are convincing," he said.

Hear more from the DMA

Please login to comment.


Related Articles

Like any industry, the world of direct mail and fulfilment comes with its own world of words, phrases and jargon.

And – unless you take a bizarrely in-depth interest in the world of direct mail – it's difficult to know what all of these terms mean.

But if that's you, never fear: our handy jargon buster will help you make head and tail of anything you read about direct mail and fulfilment. In this revised direct mail jargon buster, we have updated and added new terms to help you further.


Businesses blogs drive traffic and improve search rankings. Next to that blogs drive email subscription sign-ups where then the email can drive impressive engagement and conversions. So how do these to work together in a B2B context?


The latest case study on excellent door drop creative from the Door Drop Hub of the Print Council.

Creative Case Study - Bluebird Care Door Drop_Events copy 4_Events copy 4 (002).png

The question of 'what is the response rate from leaflet distribution' has to be one of the most commonly asked questions we at Mr Flyer receive from potential and existing customers. Back in 2016, we released an article here on the DMA website on this subject, which ranked the 3rd most read article that year! Six years on, we felt it appropriate to create an update. The stats are fresh, the analysis updated, and a unique response rate tracking software is revealed!

leaflet distribution Response Rate-01.jpg