tashka2000 - Fotolia
The Information Commissioner’s Office (ICO) has dealt with a record number of data protection incidents, nuisance marketing cases and individual complaints in the past year, according to its latest annual report.
The ICO’s annual performance statistics for 2016/17 also reveal that the regulator received more reported data protection breaches and fined more companies for unlawful activities than any previous year.
The record numbers are in part ascribed to the fact that the ICO’s free telephone helpline, live chat service and online reporting tool all helped make it easier for the public to report their concerns to the regulator, and the fact that audits and new self-assessment tools helped increase organisations’ awareness of their responsibilities.
The statistics show that data protection complaint cases rose to 18,354, around 2,000 more than the previous year. Some 2,565 self-reported data breaches resulted in 16 civil monetary penalties totalling £1,624,500 for serious breaches across a range of public, private and voluntary sectors.
The ICO received more than 166,000 reports about nuisance calls and texts. The ICO issued a record number of 23 fines in this regard, totalling £1,923,000, and issued nine enforcement notices and placed 31 organisations under monitoring.
More than 5,400 freedom of information (FOI) cases were received and 5,100 closed during the year, with 1,351 decision notices, which was “broadly similar” to the previous year, the ICO said.
“We have continued to monitor compliance and raised the threshold for our intervention, taking action if fewer than 90% of their FOI responses fall in the statutory timescale,” the ICO said.
The statistics show the ICO received more enquiries about the legislation it deals with than in the year before.
“Although calls to our helpline were slightly down on last year at 189,942, this was more than made up by new channels including our live chat service, which received 18,864 contacts. Letter and email contacts remained similar to last year,” the ICO said.
People at heart of ICO, says deputy commissioner
The GDPR introduces a more rigorous data protection regime and stricter penalties for breaches of up to €20m or 4% of annual global turnover, whichever is greater.
Deputy commissioner Simon Entwisle said: “We have advised and educated organisations to help them work within the law and we have taken action when they’ve fallen short of the mark.”
People will continue to be at the heart of what the ICO does as it looks to the future, he said, with the GDPR giving people greater control over their own data.
“We are working closely with organisations to help them understand their obligations and be ready for the new rules,” he said.
Entwisle said ICO staff at every level deserve credit for the contribution they have and continue to make. “Information commissioner Elizabeth Denham’s programme to strengthen the team – in both numbers and expertise – will equip the ICO to meet the challenges ahead.”
Read more about the GDPR
- Businesses should be forging ahead with preparations to comply with the GDPR regardless of Brexit, says the ICO.
- At the latest CW500 club, experts discussed how to make sure your organisation is ready for GDPR compliance.
- Businesses dealing with EU citizens’ data urged to ensure they are on track to comply with the GDPR in less than 16 months, as the world marks Data Protection Day 2017.
- The Information Commissioner’s Office has set out its plans for publishing guidance on the EU GDPR.
Testifying to the House of Lords EU Home Affairs Sub-Committee in a hearing on the new EU data protection package, Denham planned to expand the ICO’s staff to deal with the extra work burden to be imposed by the GDPR.
This includes plans to recruit 200 additional staff to take the total number to around 700 in the next three years, with the most pressing staff needs being in relation to the increased duties imposed by the GDPR and the need to educate people about the implications of the regulation.
Denham said Brexit had also added work for the ICO’s policy staff to ensure they can give advice to government and to parliament about what the various impacts would be of different regulatory arrangements post-Brexit.
In addition to the new work related to the GDPR and Brexit, Denham said the UK is increasing the work it is doing internationally regarding data protection enforcement.
“The ICO is one of the largest regulators globally. We have 35 years’ experience in this space and we have a newly developed international strategy,” she said.
“We are going to continue to lean in and engage deeply in work with our European colleagues on the implementation of the GDPR, but at the same time we are engaging in global enforcement work beyond Europe, which involves building bridges with other regulators around the world.”