Information Commissioner's Office Reviews 500

Omg I knew before I looked I thought when I saw there page that they were professional but then I listened to excuses and unprofessional staff I thought another let down I contacted them about police failing to give me my data records witch I breaking law avoid this place massive let dow

Utterly useless.

My partner and I were the victim of fraud when our personal data was stolen and sold on by a sham company (who are still operating). We lost thousands and incurred damage to our property.

ICO have seen the evidence of illegal, intentional, and fraudulent data breach right before their eyes, and have come up with absolutely nothing to bring the perpetrators to account, other than to tell us they won't be taking it any further.
They have provided no reason as to why. Zero. They effectively admitted *themselves* that the company were breaking the law and that they had received similar complaints from other victims about the same business.

This is a perfect example of a complete waste of taxpayers' money. They literally have *one* job and they effectively do nothing towards delivering it.
(Hopefully the next government will close them down or drastically shake them up.)

Message to any individuals or businesses who are thinking of breaking personal data protection law:

"Go ahead, be as blatant as you like, break the law, as the ICO will do absolutely zero to hold you to account and you'll get away with it every time."

It takes 40 weeks to receive a response from the ICO for an organisation that didn't respond to a FOI request? What an absolute joke. A pointless and pathetic excuse of a service. Shut this organisation down immediately.

You’d get a lot more help out of a quick google search. Waste of time don’t bother, try and hurry you away because they can’t be bothered. Hopefully the actual process is different but given the 96% 1 star review, I’ve no faith at all. Clearly don’t care either no wonder

ICO Case IC-359278-P6V5 & IC-357745-H5X6:

GDPR – Right to Rectification: The ICO provides guidance indicating that individuals have GDPR-RTR rights to request amendments to medical records and inaccurate data held by public organisations.

However, when NHS Tayside and the SPSO declined to rectify their data, the ICO permitted these organisations to accept a respond to challenges regarding data accuracy, with the onus placed on me to provide supporting evidence.

Comprehensive medical records and clear process failures were submitted to the ICO. Nevertheless, these details were not utilised to persuade the agencies involved to align their practices with the ICO’s GDPR-RTR principles or to resolve the issue in accordance with their guidance.

On appeal, the ICO Team Leader upheld the original case officer's decision, and my complaint was not supported.
The ICO concluded that if I wished to amend my medical records or data, the appropriate course of action would be to seek resolution through the courts.
As a result, the inaccurate data remains uncorrected within my complaints about these organisations.

It is important for the ICO to either enforce its stated data principles or reconsider their presentation on the website and in practice.
My experience confirms that the current approach may not yield effective outcomes for individuals seeking rectification.

What an utter waste of time for everyone and a waste of Government spending.

I would have scored this service with a ZERO if it was an option.

Gave evidence the received and email saying 29 weeks, Then a reply two weeks later to say they will not invesitage but use for information only, A waste of time and Energy for an Organisation that is useless and should be scrapped

Contacted them after Equifax told me that they had breached DPA by telling me the answers to my security questions without doing security. Provided a screenshot of their admission.
Received a response saying that they "couldn't find a reason to uphold my complaint" even though I provided evidence that the company admitted it!
Isn't the first time that I complained about DPA issues, including a DSAR I needed for a court case taking 90 days instead of 30.
Complaints ignored.
Absolutely useless

Yet another pointless organisation designed to extract money from small businesses while offering absolutely nothing in return. There is no service, no support, no benefit, and no value, just a demand for payment backed by legal threats. This is not regulation, it’s forced funding. You pay because you’re bullied into it, not because it helps your business in any way. Small businesses are already suffocating under endless costs, and organisations like this exist purely to drain money under the excuse of “compliance”. The reality is simple: pay up or be punished, regardless of whether you gain anything. Completely detached from real-world small business struggles.
A textbook example of bureaucracy feeding itself while offering zero practical value.

Absolutely appalling service in My experience they been extremely slow and largely unresponsive. I repeatedly had to chase for basic progress. When responses did arrive, they felt overly deferential to the organisation refusing disclosure, rather than focused on enforcing statutory access rights. Overall, I found the service ineffective and not fit for purpose.

Two companies refused to provide me with my personal data as required by law. Complained to ICO.

About three, yes three months later, they simply said ‘we have noted this’. Why on earth didnt they take action such as instructing them to provide the info?

Whats the point in a law companies can simply ignore? And whats the point of a regulator who doesn’t regulate?

I complained to the ICO over not being able to access my data held by UPS. After waiting over 3 months their response was "go to court". On their website this is precisely what they deal with apparently.

May I actually ask what this organisation does? From what I can see its another pointless waste of money government department that sit around and do sod all every day. When you begin a company this lot are straight on to you for money, I could not in good conscience give these clowns a penny.

The experience with this company has been a terrific waste of time and it is now no wonder why companies disregard GDPR regulations knowing there is no-one around to enforce it. Don’t waste your time with these fools.

Waited over 6 months for them to give a template reply and say they will put my complaint on file. Didn't come back asking for evidence or the other business braking the law. They did say I could seek legal advice and take them to court, but if that is the case, why doesn't the ICO pursue the corrupt business.

Reported Toyota financial services for persistent unethical use of my data.
Waited 4 months for them to advise me they weren’t going to pursue anyone, and weren’t going to look into my complaint any deeper! ‘We will note your concerns but don’t deal with individual complaints’ Surely I’m not the only one being affected by this?
Another Quango type organisation just like ABTA, OFGEM, OFCOM etc.
Set up to present the illusion that you have some sort protection, and a of place to report wrongdoings when things are not handled by useless businesses that don’t care about their customers. In fact they are a toothless waste of time.
Very unhappy but unfortunately another example of the downward spiral of our country!

The ico is a USELESS simple as that. They are not fit for purpose and a COMPLETE WASTE OF TIME. If you have a data issue bypass them and go straight to court. The ICO is pointless

I called up in regards to E.on trying to mine my data (moving in a few days and octopus couldn't change supplier because E.on wouldn't let them)

I then call E.on to be sent to an outsourced call centre with quite arrogant staff demanding my personal data (i'm not the previous tennant, nor required to give them such data) to let Octopus change supplier to them, they escalate, it gets heated and they cut the call off having not assisted

I call the ICO to make a complaint, and they want me to send all emails..........

how can I do this? the point is that i don't want anything to do with such a disgusting company to begin with and i don't want to give them my data (which you would expect to be in the ICO's remit)

I then after having to demand a supervisor or manager (because child in the ICO wouldn't get one (as he wasn't listening to anything i had said (then threatened to cut the call off for telling him (in these exact words to "get off your seat and get one then"))

I tried to explain again to the supervisor who again wasn't listen and went full NPC, i then after having enough, point out that (again exact words) "you are a disgrace as an organisation to the country", then because fee fees hurty wurty (even though this is a fact) they decided they didn't like it and cut the phone off, therefore doing literally nothing to assist YET AGAIN

also, they've said it will take at least 29 weeks before the complaint is even assigned,

HOW IS THE ICO NOT BEING INVESTIGATED AT THIS POINT FOR THEIR TERRIBLE SERVICE!!!!!!

Hewlett Packard broke GDPR rules keeping my details on file longer than necessary. I left 12 years prior to them being hacked and ALL of my personal data stolen. They took months to inform me and offered no compensation.

I asked ICO to investigate over 6 months later they confirmed HP had made mistakes but have no power to comply them to compensate nor were they going to get fined.

What is therefore the point of the ICO?
How many collective hours are wasted by employees following mandatory training when if you lose someone's data there are no repercussions?

Honestly a waste of time, tax payers money and needs to be scrapped and replaced with something fit for purpose. Has teeth, that companies who break the rules fear and can compel companies to compensate. If I could you'd get zero stars.

The fact you have 1.2 is a miracle

i had a company ignore a SAR request. They took half a year to "investigate" and then said they tried to contact them and where ignored and would take no further action. They also got details of what i told them wrong. Completely missing out details i had sent them.
Obviously this being an unacceptable outcome, i raised a complaint about how the case was handled by the ICO. I recieved an almost identical email to the first, addressing not a single one of my complaints and simply restated they will take no action.

So seems simple enough, if you run a company do whatever you want with peoples personal informtation, the ICO will not take any enforcement action , even when given clear evidence of a breach

This country is full of failing organisations but the ICO must surely be one of the worst that I have come across.

As other reviewers have said, the ICO is beyond useless. It took them 7 months to respond to a complaint that I submitted to them about a breach of UK GDPR. The organisation in question was abusing one of the exemptions from the disclosure requirements, but the caseworker simply accepted, without question, what the organisation's data protection officer had told me. When I asked for a review of the decision, I got the same outcome!

Organisations up and down the land must be dancing around with glee - in the knowledge that the ICO won't enforce data protection law!

Some years ago, I referred what I considered a serious complaint to the ICO concerning unlawful processing of personal medical data by an online prescription service. They had repeatedly changed my NHS prescription nomination without my permission and, on more than one occasion, set up accounts in my name using fabricated login details. I provided evidence that other patients had experienced similar intrusions. I was especially concerned because medical data is, for obvious reasons, supposed to benefit from enhanced protection under data protection law.

After a very protracted process in which both the pharmacy and the NHS were formally found to be non-compliant with data protection law, I was informed that no further action would be taken. When I asked for this decision to be reviewed, I received a somewhat curt response which suggested a measure of irritation and misstated the legal standard of proof that should be applied in ICO investigations. I was told to contact the Local Government Ombudsman if I remained dissatisfied.

Following the most recent data breach by the same pharmacy, again involving a fabricated account and fictitious login details, I approached the ICO again. I was informed that details of the previous investigations were not retained and I should approach the culprit myself. This was despite me never having had any dealings with the company nor having given them permission to process my data at any time.

In short, the ICO is, in my experience, not fit for purpose and does not provide the protections it should as a regulator. The formal reports were not even published on their website which suggests a grave lack of transparency and there is a marked reluctance to exercise the wide powers given to them by parliament.

A regulator that does not enforce the law is no regulator at all.

These people are beyond useless. It takes them months and months to pick up a complaint and then they don't do a single thing. There's no point in their existence. No wonder companies do whatever they like, they know nothing will happen because the ICO are beyond incompetent