Information Commissioner's Annual Report and Financial Statements 2017-18

Together we are Forbes


27 July, 2018

Dan Crayford

On the 20 July 2018 the ICO published its Annual Report and Financial Statements 2017-18, specifically covering the period from 1 April 2017 to 31 March 2018. With the introduction this year of GDPR and the Data Protection Act 2018, and the anticipated replacement of PECR with the E-Privacy Regulations, the biggest shake-up of data protection laws across the EU and the UK, this report provides some key insight into the run-up to the changeover in the law.

With regard to these changes, the Information Commissioner, Elizabeth Denham, stated: "This is an important time for privacy rights, with a new legal framework and increased public interest. Transparency and accountability must be paramount, otherwise it will be impossible to build trust in the way that personal information is obtained, used and shared online."

The reporting period saw a significant increase in complaints regarding data protection, up by 15% on the previous year, as well as an ever larger increase in self-reporting of potential breaches by organisations, up by 30%. With GDPR and DPA 2018 moving away from voluntary to mandatory reporting, this trend is likely to carry forward and potentially rise further, highlighting the increased reporting obligations placed on organisations.

If you have had problems getting through to the ICO via the phone, that is likely due to the huge increase in telephone enquiries which saw them handle 30,000 more calls in the final quarter of 2017 than they handled in the same period of 2016! Overall there was a 24.1% increase in phone calls received, and a 61.5% increase in 'live chat' requests online, showing a massive uptake in both the public and organisations attempting to get to grips with the new data protection laws.

When breaking down the sectors affected by data protection concerns 'general business', health and local government continue to lead the pack, citing a third of all concerns reported throughout the reporting period. Policing, central government and education are also significant sectors, once again showing that data protection is not just a matter for the private sector. Exemplifying this, charities throughout the UK were hit with 11 fines totalling £138,000 for the unlawful processing of personal data. Being the 'good guy' is not a get out of jail free card when it comes to data protection.

Forbes Solicitors regularly advise a range of businesses on data protection law including compliance with the DPA2018, GDPR and PECR, including providing training.  We offer a range of fixed fee Data Protection support services and would be happy to discuss how we can assist you with your preparations with the aim of helping to minimise the occurrence of breaches, and in the event of a breach help to reduce the penalty given. If you have any questions, please contact me on 01254 222451 or at

Learn more about our Commercial department here

Ticketmaster's data breach and don't forget about PECR!

Kit Kat "Have a Break" from Trade Mark Protection

Contact Us

Get in touch to see how our experts could help you.

Call0800 689 3206

CallRequest a call back

EmailSend us an email

Contacting Us

Monday to Friday:
09:00 to 17:00

Saturday and Sunday: