Increased activity from the ICO in preparation for the EU GDPR

IT Governance, the global cybersecurity experts.


ELY, UNITED KINGDOM, September 19, 2017 — The Information Commissioner’s Office (ICO), the authority for data protection in the UK, has increased enforcement activity compared to previous years.

So far this year, a record 79 enforcement actions have been issued, 47 of which are monetary penalties – already more than in the whole of 2016 – including the largest fine on record in relation to excessive nuisance calls.

The list of ICO enforcement actions includes a number of public and private companies, charitable organisations, local councils and individuals that failed to comply with the Data Protection Act 1998 (DPA) through incorrect use or storage of personal data.

Incidents include:

• Office cabinets containing sensitive records of children were sent to a second-hand shop.
• DVDs containing interview footage of victims were lost in the post.
• Data was shared with other charities, donors were ranked according to wealth, and information about them that had not been disclosed was found out.
• 99.5 million nuisance calls made using automated marketing messages.

The increased activity suggests the ICO is preparing for the EU General Data Protection Regulation (GDPR), which imposes tougher requirements to improve the security of personal data for EU residents. With improved awareness of data privacy rights for the general public in recent years and the new Regulation giving individuals greater control of their information, it’s no surprise that enforcement actions are increasing against organisations where a potential breach has been reported.

The founder and executive chairman of IT Governance, Alan Calder, said: “Organisations have a responsibility to themselves and the general public to uphold the security of personal data in compliance with legislation.

“With the GDPR and Network and Information Security (NIS) Directive coming into effect, businesses should think about the necessary steps towards achieving clear organisational and technical policies to avoid the reputational and financial damage associated with data breaches.”

The ICO provides information for organisations and individuals seeking advice on data protection policy along with a platform for reporting concerns.

To help employee understanding, IT Governance offers the Security Awareness Programme, a bespoke training campaign tailored to each organisation’s needs that embeds a data security culture across the board.

To find out more about our information security training courses, products and services, visit the IT Governance website, email or call +44 (0)845 070 1750.

– Ends –


IT Governance Ltd is the single-source provider of books, tools, training and consultancy for IT governance, risk management and compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is ‘non-geek’, approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at

Mihaela Jucan
IT Governance Ltd

Source: EIN Presswire