Staff awareness of cyber threats

This year, the Information Commissioner’s Office (ICO) has issued a record 79 enforcement actions, 47 of which are monetary penalties – already more than the number in the whole of 2016 – including the largest fine on record in relation to excessive nuisance calls.

Incidents include:

  • Office cabinets containing sensitive records of children were sent to a second-hand shop.

  • DVDs containing interview footage of victims were lost in the post.

  • Sharing data with other charities, ranking donors according to wealth and finding out information about them that had not been disclosed.

  • 99.5 million nuisance calls made using automated marketing messages.

The increased activity suggests the ICO is preparing for the EU General Data Protection Regulation (GDPR), which imposes tougher requirements to improve the security of personal data for EU residents. “Organisations have a responsibility to themselves and the general public to uphold the security of personal data in compliance with legislation,” says Alan Calder, Founder and Executive Chairman of IT Governance (www.itgovernance.co.uk). “With the GDPR and Network and Information Security (NIS) Directive coming into effect, businesses should think about the necessary steps towards achieving clear organisational and technical policies to avoid the reputational and financial damage associated with data breaches.”

To help employee understanding, IT Governance offers the Security Awareness Programme (https://www.itgovernance.co.uk/security-awareness-programme), a bespoke training campaign tailored to each organisation’s needs that embeds a data security culture across the board.