If you have been impacted by a data breach, you may be worried about securing your data, how you could be affected and where you can get help. If you received a data breach notification letter, you may have been informed that you can contact the Information Commissioner’s Office (ICO). But what is the Information Commissioner’s Office, and what is its role?
Key Takeaways
- The ICO is an independent regulatory office. It acts as the UK’s independent authority, set up to uphold information rights.
- The ICO should be informed of any data breach likely to impact people’s freedoms and rights.
- Members of the public can get advice and guidance from the ICO.
- You have the right to ask the ICO to determine whether an organisation breached data protection laws.
- You may have the right to claim compensation if affected by a breach.
If your data has been involved in a breach, Data Breach Claims could help you. One of our advisors could review your case and, if you have a valid data breach compensation claim, connect you to a solicitor from our panel.
Get help today by:
- Calling 020 8050 6279 to speak to an advisor.
- Talking to us via our live chat.
- Sending the details of your case via our contact form.
We Can Help With Your Claim
Our team of specialist advisors are ready to assist you with your data breach claim
Frequently Asked Questions
- What Is The Information Commissioner’s Office (ICO)?
- What Are The ICO’s Key Responsibilities?
- How Are Controllers Regulated By The ICO?
- Does The ICO Need To Be Informed Of All Data Breaches?
- Can I Make A Complaint To The ICO After A Data Breach?
- Will A Complaint To The ICO Help Support A Data Breach Compensation Claim?
- Take The Next Steps With Data Breach Claims
- Learn More
What Is The Information Commissioner’s Office (ICO)?
So, what is the Information Commissioner’s Office (ICO)? The ICO was set up as a non-departmental public body in 1984. It reports directly to parliament and primarily upholds information and data protection rights for UK residents. The ICO is funded through data protection fees paid by organisations that process personal data. This means that the ICO can act independently, without political influence.
The ICO has the power to impose significant fines on organisations that breach data protection laws. These monetary penalties may amount to a maximum of 4% of an organisation’s worldwide annual turnover or £17.5 million (whichever is higher).
The Information Commissioner’s Office can:
- Provide guidance on data protection laws.
- Provide advice on data protection policies.
- Investigate breaches.
- Take enforcement action, such as issuing fines.
If you know or suspect that your data has been involved in a breach, you could be eligible to claim compensation. Get help and information from our team.
What Are The ICO’s Key Responsibilities?
The ICO oversees data protection laws and has several key responsibilities. Its responsibilities in regard to data controllers (who determine how data may be processed in line with legislation) and data processors (who process this data on behalf of data controllers) include:
- Ensuring compliance with data protection legislation: the ICO is the primary body responsible for ensuring that individuals, public bodies, companies and other organisations comply with the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR). This includes:
  - Ensuring that data processors and controllers uphold the rights of data subjects.
  - Requiring data controllers and processors to have a lawful basis for processing an individual’s data.
- Investigating breaches and complaints: the ICO may investigate data breaches and complaints made by individuals.
- Enforcement action: the ICO has a range of enforcement powers. These include warnings and reprimands, enforcement notices, fines and monetary penalties.
- Promoting openness and transparency: this helps the public to understand their personal data rights and encourages organisations to respect those rights. The ICO also oversees the Freedom of Information Act 2000.
- Providing guidance: the ICO provides data processors and controllers with detailed guidance on their responsibilities.
The Information Commissioner’s Office may also provide advice to parliament and the government on data protection legislation and policy.
Get in touch with our expert advisors to learn more about when and how to claim compensation.
How Are Controllers Regulated By The ICO?
Data controllers are regulated by the ICO and subjected to direct oversight. This is in line with the UK GDPR and the Data Protection Act.
Key regulatory requirements include:
- Registration and annual fees – data controllers must register with the ICO and pay an annual fee, unless exempt.
- Processing data on a lawful basis – ensuring that data is processed lawfully and complies with data protection principles, such as transparency and fairness.
- Rights and transparency – data controllers must provide clear privacy notices and uphold individuals’ rights to data access, erasure and rectification.
- Accountability and security – controllers must have technical and organisational measures in place to protect people’s data.
The ICO may regulate controllers through:
- Oversight – the ICO may investigate complaints against and conduct audits of data controllers.
- Guidance – the ICO provides data protection toolkits and helps organisations to comply with the UK GDPR and Data Protection Act.
If you are still unsure what the Information Commissioner’s Office is and what it does, you can contact our advisors today.
Does The ICO Need To Be Informed Of All Data Breaches?
The ICO does not need to be informed of all data protection breaches. Organisations, individuals and public bodies must notify the ICO within 72 hours of discovering a breach which is likely to put people’s freedoms and information rights at risk.
However, all data protection incidents should be recorded by the organisation responsible for securing your data. This must be done regardless of whether any individuals’ data privacy or rights were affected. They should record what happened, any effects of the breach and what action they are taking.
Where a breach is likely to put your rights or freedoms at risk, it must be reported. The breach should be reported by the organisation affected by the breach. If you have received a data breach notification letter, you do not need to report the data breach. You may still contact the ICO to raise any concerns you may have.
If you have been informed your personal data has been breached, contact our advisors today to see how we could help you.
Can I Make A Complaint To The ICO After A Data Breach?
You can make a complaint to the ICO after a data breach, provided that you have already made a complaint to the organisation responsible and either are not satisfied with their response or have not received one.
A complaint could be made to an organisation if you believe that they have failed to follow good practice or handle your data responsibly. You may make an official complaint to an organisation where they:
- Have failed to securely store your information.
- Are holding information which is inaccurate.
- Have failed to properly respond to a request for your personal data.
- Are retaining information for longer than they need to.
- Are using your personal information for a reason other than the one it was collected for.
- Have disclosed your information without a lawful basis.
- Are in breach of your data protection rights.
To make a data protection complaint:
- Make a direct complaint to the organisation, giving them a chance to rectify the situation.
- Give the organisation, public body or individual one month to respond to your complaint.
- Ask for a clearer explanation if you are unhappy with their response or do not understand it.
Our team could help you to report a UK GDPR breach and connect you to a solicitor from our panel who specialises in compensation claims. Contact our advisors today.
Will A Complaint To The ICO Help Support A Data Breach Compensation Claim?
Making a complaint to the ICO could help to support your data breach compensation claim. The ICO may subsequently investigate the breach. If the ICO believes that a breach has occurred, they may produce a report which can be submitted along with other evidence.
You can collect further evidence to show that the data controller or processor failed to adhere to relevant legislation, causing your personal data to be breached, and to show any harm this caused you. Types of evidence you could collect include:
- The data breach notification letter. This should inform you that a breach has occurred and how it impacted your data.
- Evidence showing any financial losses, such as bank statements or the cost of relocating, etc.
- Medical records which show that you have been formally diagnosed with a psychiatric condition.
A solicitor from our panel could help you to gather supporting evidence. Get in touch with us today for the answers to questions such as “What is the Information Commissioner’s Office and how could they help me?”.
Take The Next Steps With Data Breach Claims
Now that we have addressed the question “What is the Information Commissioner’s Office”, we look at how to take the next steps with Data Breach Claims.
At Data Breach Claims, we have a team of expert advisors. They could provide you with a free, no-obligation assessment of your case. If they believe that you could make a claim, they can connect you to a solicitor from our panel.
A data breach solicitor from our panel could help you by:
- Explaining how a data controller or processor may be in breach of data protection legislation.
- Taking you through the claims process and explaining any complex terms.
- Helping you to value your claim.
- Helping you to access therapy or other mental health services.
- Filing your claim and negotiating with the other party.
Our panel of solicitors could also help by offering to take your case on through a type of No Win No Fee agreement, called a Conditional Fee Agreement (CFA). The benefits of this type of agreement include:
- Not having to pay a solicitor’s fee at the start of your case or whilst it is ongoing.
- Not having to pay a solicitor’s fee if the claim is unsuccessful.
In fact, under a CFA, you only pay if and when you are awarded compensation. The maximum percentage of your compensation which may be charged as a success fee is limited by law.
Contact Our Team Of Advisors
Contact our team of advisors to learn more about how a No Win No Fee solicitor could help you. An advisor could assess whether you are eligible to claim compensation and put you in contact with a specialist solicitor from our panel. They could help you to sue a company or other party for a data breach.
Get more information about data breach claims.
- Call 020 8050 6279.
- Use our online support below.
- Contact us using our form today.
Our team of advisors are on hand 24/7 to help you.
Learn More
Find more helpful guides and resources below.
- View data breach case studies in this guide.
- Check how to claim for an address data breach in this resource.
- Learn about the types of personal data breach you can claim for in this guide.
Thank you for reading our guide answering the question “What is the Information Commissioner’s Office?”. If you have any other questions about data breach claims, please get in touch with our team.





