ICO: UK Data Breach Reports Up Four Times Under GDPR

The UK Information Commissioner’s Office (ICO) said the number of data breach reports it has received over the past year was four times higher than the year before, following the introduction of stricter data protection laws last May.

The ICO said it had received some 14,072 breach notifications, up from 3,311 during the year ending April 2018.

The GDPR rules introduced a year ago oblige organisations to file a report with data protection authorities within 72 hours when data is lost or leaked.

The number of public complaints also doubled, from 21,000 to 41,054, indicating a higher level of public awareness of the importance of personal data.

Information commissioner Elizabeth Denham. Image credit: ICO

Fines

The ICO has yet to issue a fine under GDPR rules, but said the first penalties were coming.

The GDPR allows authorities to impose fines of up to 20 million euros (£17.6m) or 4 percent of their gradual turnover, whichever is greater.

But the ICO said it wants organisations to focus on getting data protection right rather than potential punshments.

“That said, we will not hesitate to act in the public’s best interests when organisations wilfully or negligently break the law. The enforcement action we have planned during the coming months will demonstrate that,” the ICO said in a statement.

France fined Google £44m in January for GDPR breaches.

Separate figures indicated that there have been a total of 89,271 breach notifications reported over the past year across all countries that have implemented GDPR rules, with 144,376 complaints from the public.

Public awareness at ‘all-time high’

“Public awareness of data protection rights is at an all-time high,” the European Data Protection Board said.

“The first large-scale loss or misuse of individuals’ data under GDPR will be an important test case for the ICO, which will show us how far the regulator is prepared to go in using its new powers – this is a key area to watch,” said

Richard Breavington, a partner at legal firm RPC, said the ICO has already begun levying larger penalties, but even so “has barely scratched the surface of its powers”, while David Blonder, data protection officer at BlackBerry, said consumers were “demanding more” from the companies they do business with.

“Data privacy is no longer a nice to have or marketing strapline,” Blonder said.

“Businesses today must ensure that privacy is embedded by design in the development of services, products and business operations.”

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

12 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

13 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

14 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

16 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

18 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

19 hours ago