The Information Commissioner's Office doubled the amount of fines it dished out to organisations in breach of data protection rules last year, issuing £2m in penalties, according to its annual report.
The hike in fines was mainly due to changes in the rules on nuisance marketing. For the previous year 2014/15, the commission issued just £1.1m in fines.
More ReadingHealthcare and local gov are most likely UK bodies to suffer infosec breachesUS govt bank insurer 'covered up China hack to protect top boss'UK.gov's hated Care.data project binnedGoogle off the hook for feeding kids bad cookiesBrexit and data protection: A period of shock and reflection
Some of those fines included £200,000 to the Crown Prosecution Service following the theft of laptops; a massive fine of £350,000 to ProDial Ltd for making over 46 million automated nuisance calls; and one of £70,000 to Direct Security Marketing Ltd for a series of "frightening automated calls sent in the middle of the night".
During 2015/16, the ICO received 16,388 data protection concerns, up from 14,239 the previous year.
Outgoing commissioner Christopher Graham said: “The ICO has had to respond effectively to the unexpected. Big data breaches such as that at TalkTalk."
Graham, who is stepping down from the role today, added that the body had taken an active role in the debate on surveillance and security and the Investigatory Powers Bill and in its responses following the Schrems Judgment.
He added: “Over the coming weeks we will be discussing with government the implications of the referendum result and its impact on data protection reform in the UK.
“With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations and to consumers and citizens. The ICO’s role has always involved working closely with regulators in other countries, and that will continue to be the case.
The ICO also issued an enforcement notice to Google, requiring it to remove nine search results about an individual under the right to be forgotten.
It also noted concerns raised over the ongoing Care.data debacle.
"Some patients told their GP that they objected to having their data shared. However, despite these objections, data sharing has taken place. We have secured a legal undertaking from HSCIC to put measures in place to better respect patient objections," it said.
Other projects included working with the Global Privacy Enforcement Network Privacy Sweep, which saw 29 data protection regulators looking at 1,494 websites and apps targeted at children.
"We found that 67 per cent of the sites and apps collected children’s personal information, with only 31 per cent having effective controls in place. We are following up this work with UK sites and apps." ®