New laws and high profile investigations have helped put data protection and privacy at the centre of the UK public’s consciousness like never before, the UK’s Information Commissioner has said.

As the ICO’s annual report for 2017-18 was published, Elizabeth Denham said her second year in the role had been ‘”one of increasing activity and challenging actions, some unexpected, for the office’”

Denham said: “This is an important time for privacy rights, with a new legal framework and increased public interest. Transparency and accountability must be paramount, otherwise it will be impossible to build trust in the way that personal information is obtained, used and shared online.”

As well as extensive work helping the public and organisations of all sizes prepare for the General Data Protection Regulation (GDPR), and providing expert advice to Government during the passage of the Data Protection Act 2018 through Parliament, the ICO also experienced unprecedented demand for its casework on data protection and freedom of information.

Highlights from the 12 months to 31 March 2018 include:

Helping the public

  • A significant increase in data protection complaints (up 15%), self-reported breaches (up 30%) and freedom of information complaints (up 5%). Against this increased demand, we closed more cases than in any other year;
  • The ICO received a huge increase in telephone, live chat and written queries from the public and organisations, with new telephone services for small organisations and for self-reported breaches. In the final quarter we had 30,000 more calls than in the previous three months;
  • Creating the ‘Your Data Matters’ campaign to inform the public about their rights;


Enforcing the law

  • It issued the largest number and amount of civil monetary penalties in our history. This included 26 penalties totalling £3.28m for breaches of electronic marketing laws relating to nuisance calls and spam text messages, along with 10 enforcement notices and the execution of three search warrants;
  • Eleven fines totalling £1.29million for serious security failures under the Data Protection Act 1998. A further 11 fines to charities totalling £138,000 for unlawfully processing personal data and an £80,000 fine issued to a data broking organisation;
  • A total of 19 criminal prosecutions resulting in 18 convictions – a further six cautions were issued and 11 search warrants were executed;


Advice for organisations

  • Ongoing engagement work with organisations in the public, private and third sectors to promote compliance with the laws on information rights;
  • Undertaking 26 new audits, 24 follow-up audits, 43 information risk reviews and 56 advisory visits with small and medium sized businesses;
  • Continuing to play a leading role in European and global policy and enforcement networks, supporting a new International Strategy;
  • An increased focus on cyber incidents, including a new Technology Strategy and the new ICO Grants Programme to support independent research.