Thomas, who took over the post from Elizabeth France just over a month ago, said that while he would not hesitate to take action against organisations that deliberately breach the rules, he preferred constructive negotiation to tough action.
"I am not looking for convictions or prosecutions or enforcement actions as a measure of success. I am looking for a compliant society where organisations do these things naturally," Thomas said in an interview with Computer Weekly.
His ambition, he said, is to change the way organisations think about data protection, so that people think about the issues at the design stage of a project rather than bolt on data protection as an after-thought.
"One of the things I am keen to put across is that complying with data protection principles is good for the organisation.
"What organisation, public or private, wants to have information which is inaccurate; which is out of date; which has been improperly obtained; and which leaks out of your organisation in inappropriate circumstances?"
However, Thomas is adamant that he will take a tough line against employees who deliberately abuse sensitive information - an issue highlighted by Computer Weekly last week, when it reported abuse of personal data by Inland Revenue staff.
"I have reminded people that it is a very serious criminal offence to disclose personal information without the consent of the person who is controlling the information. And if they come across hard evidence that this is happening, we will prosecute."
In his previous role as director of public policy at law firm Clifford Chance, Thomas' job was to monitor and respond to a rapidly changing pattern of legislation, regulation and politics. The skills he learned there will be invaluable as he grapples with complex government initiatives ranging from electronic identity cards to monitoring e-mails at work.
Thomas said he plans to make it a priority over the next few weeks to review the long-delayed code of practice for IT professionals who monitor staff e-mails, web browsing and phone calls at work.
The code alarmed employers when it was published in draft form because of its complexity and the restrictions it imposed. Thomas has now promised a simpler version of the code for small businesses.
Some IT directors from small companies have already expressed fears that this will create even more confusion, but Thomas has said nothing yet about how it will work in practice.
ID card plan needs focus >>