It has been an unprecedented year for the ICO. It released its 2018/2019 annual report shortly following its two recent announcements of intentions to fine the Marriott £99m and British Airways £183m in respect of their data breaches.

The report itself focusses heavily on data breaches, and whilst the penalty figures proposed in its intentions to fine Marriott and BA are significant, of the 13,840 personal data breach reports received during the course of the year, the ICO has reported that in 82% of cases the ICO determined that no further action was required as the organisation had measures in place or was taking steps to address the breach. Only less than 1% of the cases led to improvement action plans, further investigations, audit visits and/or civil monetary penalties.

To read more about the ICO’s annual report click here.

Our use of cookies

We use necessary cookies to make our site work. We'd also like to set optional analytics cookies to help us improve it. We won't set optional cookies unless you enable them. Using this tool will set a cookie on your device to remember your preferences. For more detailed information about the cookies we use, see our Cookies page.

Necessary cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytics cookies

We'd like to set Google Analytics cookies to help us to improve our website by collection and reporting information on how you use it. The cookies collect information in a way that does not directly identify anyone.
For more information on how these cookies work, please see our Cookies page.