The number of complaints received by the Information Commissioner’s Office (ICO) about potential data breaches has more than doubled since the EU’s General Data Protection Regulation (GDPR) came into force earlier this year.
According to figures published by commercial law firm EMW, the regulator dealt with 6,281 complaints between 25th May – the date GDPR took effect – and 3rd July this year. This was a 160 per cent increase on the figures for the same period last year.
EMW suggested that greater media coverage and government advertising have helped educate consumers about their rights when it comes to their personal information, while there is also a greater public focus on accountability for businesses that hold this data.
James Geary, principal at EMW, said: “A huge increase in complaints is very worrying for many businesses, considering the scale of the fines that can now be imposed.”
Under GDPR, the penalties for a major data breach have been hugely increased. Previously, the ICO could levy a maximum fine of £500,000 for a serious incident, but now this has been increased to €20 million (£16.5 million), or four per cent of a company’s global turnover – whichever is higher. This means that for the largest firms, potential fines could add up to hundreds of millions of pounds.
Mr Geary stated: “We have seen that many businesses are currently struggling to manage the burden created by the GDPR, whether or not that relates to the implementation of the GDPR or reportable data security breach incidents.”
He also noted that, as GDPR makes it easier for consumers to access data that companies hold on them, there has been a large rise in the number of people seeking access to their data.
This has led to a small number of “disgruntled individuals” who are prepared to use the full force of GDPR, which is creating a significant extra workload for businesses as they try to process these requests and meet their new obligations.