The number of whistleblowers reporting concerns over potential data breaches to the Information Commissioner’s Office (ICO) has almost tripled since the introduction of GDPR rules last year, new research has found.
Data obtained by law firm RPC revealed reports to the regulator concerning data protection issues rose to 379 in the year to May 2019, up from 138 in the previous 12 months.
This may reflect the fact that individuals have become much more aware of the responsibilities placed on companies under the GDPR regime, as well as the risks posed by data breaches.
Partner at RPC Richard Bevington commented that the increase in reports will be a “real concern” to businesses, especially given the large fines that have recently been meted out by the ICO for breaches.
Last week, the regulator issued British Airways and Marriott International with fines totalling over £262 million for breaches that had compromised the personal and financial details of millions of customers.
Mr Bevington said these penalties mean data security is no longer an issue that can be left to the IT department, but must be addressed at the C-Suite level as a major business risk.
“There were a lot of eyes on the ICO, waiting to see how it would use its new powers. Few foresaw it hitting a business with such a high fine at this stage,” he continued, noting that the size of the fines have shown that the ICO is a regulator to be respected.
It was also noted that the introduction of GDP has led to a “cultural shift” in how people perceive personal data and its value.
The new rules mean that more people now see their information as being as much a part of their personal property as physical assets, and they are more likely to act if they believe it is being misused.