The public has woken up to the potential of their personal data, the Information Commissioner has said as the ICO’s annual report for 2018-19 was published today. Elizabeth Denham also said it covered an ‘unprecedented’ year for the regulator.

Ms Denham continued:

“The ICO has covered an enormous amount of ground over the last year - from the introduction of a new data protection law, to our calls to change the freedom of information law, from record-setting fines to a record number of people raising data protection concerns. “The biggest moment of the year was the General Data Protection Regulation (GDPR) coming into force. This saw people wake up to the potential of their personal data, leading to greater awareness of the role of the regulator when their data rights aren’t being respected. The doubling of concerns raised with our office reflects that.”

Highlights from 12 months to 31 March 2019 include:

Helping the public and organisations

The ICO’s helpline, chat and written advice services received 471,224 contacts in 2018-19, a 66% increase from 2017/18 (283,727 contacts)

Data protection complaints received by the ICO increased from 21,019 in 2017/18 to 41,661 in 2018/19

Supporting the public through the ICO’s many expanded public-facing services (like the helpline and live text service)

Helping organisations, small or large, embed the GDPR and DPA 2018

Preparation of statutory codes focusing on age appropriate design, data sharing, direct marketing, and data protection and journalism.

Enforcing the law

Using new powers of inspection – issuing 11 assessment notices in conjunction with our investigations into data analytics for political purposes, political parties, data brokers, credit reference agencies and others

Taking action through enforcement notices

Issuing warnings and reprimands across a range of sectors including health, central government, criminal justice, education, retail and finance

2018/19 was a record-breaking year of monetary penalties under the DPA 1998.

Protecting democracy

In May 2017 we launched a formal investigation into the use of data analytics for political purposes, after allegations were made about the ‘invisible processing’ of personal data and the micro-targeting of political adverts during the 2016 EU referendum. The investigation eventually broadened and has become the largest investigation of its type by any data protection authority.

The investigation into the use of data analytics for political purposes was not our only major investigation during 2018/19. We devoted considerable resources to wide ranging investigations, led by our new High Priority Investigations and Intelligence Directorate. Case studies of some of these investigations are set out in the report.

Notes to Editors