The public has growing increasingly aware of its privacy rights over the last 12 months, according to the Information Commissioner's Office (ICO), which regulates data protection in the UK.
The data watchdog highlighted an increase in complaints and self-reported breaches, as well as a significant rise in calls from the public and organisations, as evidence that privacy and data protection matters have become more important to people.
Data protection complaints rose by 14.5% in 2017/18, according to the ICO's annual report, released this week, and it recorded a 29% rise in self-reported data breaches from organisations, from 2,447 to 3,156. Self-reporting is now mandatory under GDPR, so the number is expected to rise yet further over the course of 2018/19.
Moreover, the data regulator received almost 46,000 more calls than the previous year - an increase of 24.1% - while the number of live chats requested rose by 61.5%. Approximately two-thirds, 68%, of enquiries were from members of the public while the remainder were from organisations - with the vast majority of enquiries, 85%, concerning the DPA.
"This is an important time for privacy rights, with a new legal framework and increased public interest," said information commissioner Elizabeth Denham.
"Transparency and accountability must be paramount, otherwise it will be impossible to build trust in the way that personal information is obtained, used and shared online."
The ICO issued 1.29 million in fines for serious failures under the old Data Protection Act 1998 (DPA). These were issued alongside 138,000 in fines to charities for unlawfully processing personal data, and a further 80,000 penalty issued to a data broking organisation.
Breaches of the Privacy and Electronic Communications Regulations (PECR), meanwhile, saw 26 organisations fined a collective 3.28 million for nuisance calls and spam texts, altogether amounting to the greatest number, and amount, of penalties the ICO has issued in its history.
The watchdog launched 19 prosecutions in 2017/18 resulting in 18 convictions under the DPA, and issued a further six cautions. One highlight mentioned in the report was the ICO's ongoing investigation into 30 organisations, including Facebook and Cambridge Analytica, into the misuse of personal data in political campaigning.
As part of these investigations, the regulator levied a 500,000 fine against Facebook earlier in July - the maximum possible fine under the old DPA - for two breaches of the 1998 act.
Because the offences had been committed prior to 25 May, they were not adjudicated under GDPR - which carries with it a maximum fine of 20 million, or 4% of an organisation's global annual turnover (whichever is higher), for the most serious breaches.
In the lead up to the European Union's (EU's) tough new set of data laws coming into force, the ICO also offered guidance and advice to organisations racing to comply - including the set-up of a small business helpline, and the launch of a UK-wide 'Your Data Matters' awareness campaign.
"At the time of my previous annual report the office was heavily involved in preparations for the upcoming General Data Protection Regulation (GDPR), working on guidance with our EU counterparts and identifying how our own processes needed to change to take account of the GDPR," Denham continued.
"In 2017/18 this activity has upped a few gears and involved many more staff. We have produced well received guidance on the new law for organisations, and have also continued a successful change management process to ensure our internal processes and workflows are up to the demands placed upon us by GDPR."
Picture: Information commissioner Elizabeth Denham
-
Security experts issue warning over the rise of 'gray bot' AI web scrapersNews While not malicious, the bots can overwhelm web applications in a way similar to bad actors
-
Does speech recognition have a future in business tech?Once a simple tool for dictation, speech recognition is being revolutionized by AI to improve customer experiences and drive inclusivity in the workforce
-
ICO admits it's too slow dealing with complaints – so it's eying up automation to cut staff workloadsNews The UK's data protection authority has apologized for being slow to respond to data protection complaints, saying it's been overwhelmed by increased workloads.
-
Data sovereignty a growing priority for UK enterprisesNews Many firms view data sovereignty as simply a compliance issue
-
Elevating compliance standards for MSPs in 2025Industry Insights The security landscape is set to change significantly in the years to come with new regulations coming into effect next year, here's how the channel needs to adapt
-
How ready is your company for NIS2?Supported Content The EU’s latest cybersecurity legislation raises the stakes for enterprises and IT leaders - and ensuring compliance can be a daunting task
-
Top data security trendsWhitepaper Must-have tools for your data security toolkit
-
“Limited resources” scupper ICO probe into EasyJet breachNews The decision to drop the probe has been described as “deeply concerning” by security practitioners
-
Conquering technology risk in bankingWhitepaper Five ways leaders can transform technology risk into advantage
-
Advancing your risk management maturityWhitepaper A roadmap to effective governance and increase resilience
