21Jul

The data protection regulator, the Information Commissioner’s Office (ICO), has published its annual report for 2016/17.

Information Commissioner Elizabeth Denham commented:

“My office is preparing for the future in data protection with new processes, a comprehensive change programme and an education and guidance programme for stakeholders and the public.

“As the laws we regulate change, there is an opportunity for us to improve the trust that the public feel in those who process their personal data or who make information available to the public. We have launched our new Information Rights Strategic Plan that places this trust at the heart of what the Information Commissioner’s Office will do in the next four years.”

In her foreword to the report, Ms Denham also spoke of how the ICO “continued to take action against nuisance calls and the misuse of personal data, bringing civil and criminal prosecutions against a number of individuals whose practices contravened individual privacy rights.” A number of fines, some for six-figure sums, were handed down to firms making nuisance calls and sending spam marketing texts, across a variety of business sectors, during the course of the year. In all, the ICO fined 23 firms a total of £1,923,000 for breaches of the Privacy and Electronic Communications Regulations.

The regulator also secured 21 criminal convictions against firms and individuals who breached data protection laws.

A key part of the ICO’s work during the year was preparing for the introduction of the European Union’s General Data Protection Regulation (GDPR) in May 2018. The ICO has published a guide detailing steps firms should be taking to prepare for its implementation, and no firm in any business sector can afford to ignore their GDPR obligations.

Ahead of the introduction of the GDPR, the report also highlights that the ICO issued guidance to firms on its expectations under existing UK law regarding privacy notices. A privacy notice is a document in which a firm explains why it needs to collect personal data, and what it intends to do with the data once obtained.

Cybersecurity has been something of a hot topic during the last 12 months, and firms of all sizes and types need to ensure they have rigorous security measures in place to reduce the risk of them falling victim to a cyberattack. The report says that the ICO has “worked with Government on its cyber security regulation and incentives review, providing evidence to Parliament during its scrutiny of the issue.” It adds that “the review makes a number of recommendations and we are working with the National Cyber Security Centre and Government to play our part in fulfilling these.”

The information shown in this article was correct at the time of publication. Articles are not routinely reviewed and as such are not updated. Please be aware the facts, circumstances or legal position may change after publication of the article.