The Information Commissioner’s Office (ICO) has published its Annual Report for the 12 months to March 31 2019, and the data protection regulator has described that period as “unprecedented”. 2018/19 saw the introduction of the EU’s General Data Protection Regulation (GDPR) and the accompanying UK Data Protection Act 2018. In the same period there have been a number of high-profile data protection news stories, and the general public are perhaps more aware of data protection issues than ever before.
Data protection complaints received by the ICO almost doubled from 21,019 in 2017/18 to 41,661 in 2018/19. 2018/19 was also a record year when we look at the fines imposed by the watchdog on companies and other organisations that failed to comply with relevant data protection law. 23 monetary penalties were issued for breaches of the Privacy and Electronic Communications Regulation, totalling over £2million, and that’s before we also consider fines imposed as a result of breaches of the UK’s previous Data Protection Act – here the total of the 22 fines topped £3 million. Some of the largest fines under the 1998 Act concerned failures in cyber security. In partnership with the Insolvency Service, a number of directors were disqualified from holding senior positions as they were held personally responsible for data protection breaches within their own organisations.
One of the key changes that the ICO emphasises in the report is the need for organisations to carry out risk management of their data protection activities. They now need to identify the potential risks that are caused by their use of data, and then need to consider now they can reduce, mitigate or eliminate those risks.
While the public may now be more aware of data issues and more willing to complain if they perceive that their data has not been handled effectively, there was some good news for firms and other organisations from an annual ICO survey. Research carried out in July 2018 showed that one in three (34%) people have “high trust and confidence” in companies and organisations that hold their personal information, and this figure was significantly higher than the 21% figure from 2017. The 2019 survey is now under way.
Information Commissioner Elizabeth Denham said:
“The ICO has covered an enormous amount of ground over the last year – from the introduction of a new data protection law, to our calls to change the freedom of information law, from record-setting fines to a record number of people raising data protection concerns.
“The biggest moment of the year was the General Data Protection Regulation (GDPR) coming into force. This saw people wake up to the potential of their personal data, leading to greater awareness of the role of the regulator when their data rights aren’t being respected. The doubling of concerns raised with our office reflects that.”
The information shown in this article was correct at the time of publication. Articles are not routinely reviewed and as such are not updated. Please be aware the facts, circumstances or legal position may change after publication of the article