1 min read

UK’s Information Commissioner publishes Annual Report as Data Protection Commission releases its 2 year Report on Regulatory Activity

Read moore

By Lisa Broderick, Rowena McCormack, Julie Anne Binchy, Charlotte Burke & David Freeman


Published 03 September 2020


 July 2020, the UK’s data protection regulator, the Information Commissioner’s Office (“ICO”) published its annual report. The report covers the twelve month period from March 2019 to 2020 and provides an interesting insight into what the Information Commissioner described as a “transformative period” for privacy and data protection.

The ICO’s report comes hot on the heels of the Irish Data Protection Commission’s (“DPC”) two year Report on Regulatory Activity which provides an assessment of the DPC’s regulatory activities since the implementation of the GDPR.

The reports provide an interesting insight into the enforcement work being done by the UK and Irish regulators and make clear that individuals (in both jurisdictions) are more aware than ever of their rights under the GDPR. As an illustration of this point, the DPC’s report outlined that there has been “an enormous increase in the number of communications” it receives from individuals since the implementation of the GDPR, with it having received over 85,000 telephone calls, emails and letters since May 2018. In addition, the DPC outlined that in the same period it received 12,437 breach notifications, most of which stemmed from unauthorised disclosures. The ICO’s report stated that it received 25,694 breach notifications in the same period and noted a similar, substantial increase in communications to its office since the implementation of the GDPR.

Both regulatory reports provide a compelling overview of the data regulatory landscape in Ireland and the UK and demonstrate similar trends in the neighbouring countries. Copies of the reports can be found here and here.