It has been an unprecedented year for the ICO. It released its 2018/2019 annual report shortly following its two recent announcements of intentions to fine the Marriott £99m and British Airways £183m in respect of their data breaches.

The report itself focusses heavily on data breaches, and whilst the penalty figures proposed in its intentions to fine Marriott and BA are significant, of the 13,840 personal data breach reports received during the course of the year, the ICO has reported that in 82% of cases the ICO determined that no further action was required as the organisation had measures in place or was taking steps to address the breach. Only less than 1% of the cases led to improvement action plans, further investigations, audit visits and/or civil monetary penalties.

To read more about the ICO’s annual report click here.