The Information Commissioner’s Office has lost 35 of its experts to the public and private sectors since the start of this year, NS Tech can disclose.
Organisations are luring away the regulator’s staff with higher pay in a bid to ensure they have the expertise to comply with GDPR when it comes into force in May next year.
The brain drain comes at a critical time for the ICO, with the Home Office advising it to grow its staff by at least a third to guarantee it can robustly police the new regulations.
A spokesperson told NS Tech that it currently has 486 employees on the payroll and is “looking to take this number up to 600 through the rest of 2017 and 2018”.
But Elizabeth Denham, the Information Commissioner, told the FT the ICO would be ill-equipped to oversee GDPR if it loses more staff to better paying organisations.
“We have to grow,” she said. “We’d like our numbers to be protected and we’d like to be able to ensure that we have fair pay and compensation for our staff given the kind of expertise [we have].”
The government has committed to introducing GDPR next year and matching its standards once the UK leaves the EU in March 2019.
It grants the ICO the power to fine organisations up to 4 per cent of annual global turnover or £17m for mishandling users’ data.
Denham is seeking to dispel GDPR myths in a new blog series. In the first instalment, she said maximum fines will not become the norm:
“Issuing fines has always been and will continue to be, a last resort. Last year (2016/2017) we concluded 17,300 cases. I can tell you that 16 of them resulted in fines for the organisations concerned.”