ICO Annual Report 2017-18 Released

By Nigel Morgan

There are a few things to consider when reading this report;

• It runs from April 2017 to April 2018 so it doesn't factor in 25th May 2018 onwards. This means the 30% increase in voluntarily reported breaches is somewhat surprising. I can only assume that organisations weighed up the risks and considered that taking a maximum penalty of ￡500k was better than risking 2% - 4% of their global turnover.
• Reporting breaches is now mandatory under Article 33 Paragraph 1 of the GDPR. I wonder how many of the 52% of SMEs and 73% of larger enterprises who admitted suffering a data breach in the last 12 months will comply. If they do we should see the "voluntarily reported breach" statistic go off the chart!
• Data Subjects making complaints saw a sharp 15% rise. This may have been a reflection of the "Your Data Matters" campaign. This is food for thought and a warning to organisations to get your Rights Request Procedures in check.
• Penalties also hit a new high in terms of frequency and monetary value. PECR, despite taking a back seat in the GDPR mayhem also saw a sharp increase. This could possibly have been all the organisations trying to consent their data in an attempt to comply with GDPR and inadvertently spamming their unconsented databases.
• Apparently the average waiting time was 3 minutes on the GDPR helpline. I can only assume this statistic was measured up to April 2018 because I know the wait time was one and a half - two hours closer to the 25th May 2018. In fairness to the ICO this was an unprecedented time, probably never to be repeated.

The full report can be found here. https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/07/annual-report-2017-18/