This essay aims to discuss the challenges and actions taken by the U.K. Information Commissioner’s Office (ICO) in the age of digital economy with value-added applications on ICT to tackle data protection challenges mentioned above. This will be supported by taking the Cambridge Analytica case as an example.The discussed aspects include increased globalism, evolving technology, the General Data Protection Regulation (GDPR), and Brexit. Targeting its significant powers on repeated, failures to take proper steps to protect personal data and deliver information rights, the ICO’s formal regulatory action will serve as an important deterrent where it needs to. The ICO’s areas of missioncoversthe Data Protection Act, the Freedom of Information Act, the Privacy and Electronic Communications Regulations, the Environmental Information Regulations, the INSPIRE Regulations, the eIDASRegulation, the Re-use of Public Sector Information Regulations, the NIS Regulations 2018, the Investigatory Powers Act 2016, and unsurprisingly, the GDPR. As to the case of the Cambridge Analytica, the investigationdone by the ICO includes a disturbing disregard for voters’ personal data. With concerns over social media platforms, political parties, data brokers and credit reference,agencies must have started to question their own processes-sending ripplesthrough the big data eco-system. The author believes that such a lesson would have enough reference experiences enforcing the belief that an independent regulatory institution is essential.