Addressing the Advertising Association’s annual Lead 2016 conference in London, Christopher Graham said data protection failure could not only risk up to 20 million euros of fines in two years’ time, but could also cause serious reputational damage.
Graham said he currently has the power to impose civil monetary penalties of up to £500,000, but in 2018 new powers would enable regulators to impose fines of up to 20 million euros, or up to 4 per cent of global turnover.
He said: "A question I would ask is, just think what is going to drive responsible compliance with data protection obligations: fear of the regulator or fear of losing consumers’ trust?
"This stuff maters. We talk about the tremendous opportunity of digital but think of the risks. All that data, where it's personal data, it’s not yours to do what you like with. People care."
He cited a recent YouGov survey that the Information Commissioner’s Office had commissioned, which found that out of 2,000 people surveyed, 20 per cent said they would stop using a company’s services after news broke of a data breach involving them. The same poll found 57 per cent would consider stopping, 14 per cent said they did not know, and 8 per cent said it would make no difference.
Graham added: "When consumers start taking their business and their money elsewhere, that’s the real body blow.
"Keeping personal information secure is just part of the picture…. 95 per cent of those polled by YouGov said it was important that companies were clear from the outset about how their data was shared. 94 per cent didn’t want it to be shared with other companies."
He insisted that he was not addressing the industry to act as "the regulator with a stick", but wanted the Information Commissioner’s Office to be a partner with advertisers to solve many areas of public policy.
The Information Commissioner also warned that data protection was "not just an issue for the IT guy down the corridor" and told the room: "If you want all the benefits of digital you must manage the risk. It's the responsibility of the chief executive."
He cited the recent example of TalkTalk, which was counting the cost of the damage caused by a recent security breach. The telecoms company suspending its sponsorship of ITV's The X Factor during a police investigation into the incident.
Graham said: "It’s not just a problem for advertising, it’s for the advertising industry as a whole. What’s got the industry trouble is how their messages have been communicated... it’s a case of ‘shoot the messenger’.
"The medium is very often the issue. Look at spam and nuisance calls, it spoils it for everyone else in the direct marketing industry.
"It’s been said to me that data is the new oil, while someone else said it’s also the new asbestos. Think about reputational management. That’s the business that’s you’re in."