ICO 2017-18 Annual Report: Data protection complaints and breach reports up


The Information Commissioner’s Office has published their 2017-2018 Annual Report (covering the 12 months leading up to 31st March 2018) highlighting an increase in activities and some challenging activities.

The report is the ICO’s annual report to parliament as required by the Data Protection Act 1998. Bearing in mind that it covers the year in the lead up to the GDPR deadline (25th May) and so doesn’t cover any impact (initial or long term), it still presents some interesting upward trends:

  • 15% increase in data protection complaints
  • 30% increase in self-reported breaches
  • 30,000 more calls to their helplines in the final quarter compared to previous quarters in the year
  • Largest number of monetary penalties including
    • 26 penalties totalling £3.28m for digital marketing regulation breaches
    • £1.29m in fines to organisations relating to security failures under data protection
    • 19 criminal prosecutions

We’ll have to wait until next year to see what impact the GDPR has had on these figures. On a webinar relating to data breaches this week, the ICO indicated they had seen a steep increase in data protection breach reports to their report line, in June, so maybe an indication that GDPR in 2018-2019 will be even more “challenging” for the ICO.