There is a wealth of information available on the ICO’s website, however, probably one of the most visited areas is ‘Action We’ve Taken’. In particular, the enforcement notices, audits, advisory visits and overview reports.
Enforcement notices detail the actions, monetary penalties, undertakings and prosecutions, including by type and sector. So, if you are asked by your senior management team what sort of fines and actions the ICO is likely to levy on organisations like yours, this is the place to gain an insight into Information Commissioner’s areas of focus and concern.
Audits, advisory visits and overview reports provide a summary of what the ICO has seen when visiting and working with organisations. This is a window to what the ICO expects. The audit reports, notably the sections addressing findings and areas for improvement, provide an indication of the ICO’s requirements and what ‘good looks like. The information found in these reports is invaluable when considering your own data protection arrangements and their adequacy.