Data breach whistleblower reports to ICO increase by 175% since GDPR

The number of whistleblower reports to the ICO over data breaches has risen 175% in the year since the introduction of GDPR, from 138 in 2017/18 to 379 in 2018/19, according to figures obtained by law firm RPC.

RPC says that the introduction of GDPR in May 2018 has made people significantly more vigilant and aware about the handling of personal data, and more likely to report potential data breaches. The firm adds that the sudden increase in whistleblower reports will be worrying for businesses, especially given the £283m in data breach fines recently issued by the ICO to British Airways and hotel group Marriott International.

Those two fines amount to more than three quarters of the total fines issued by that other well-known regulator, the Financial Conduct Authority, in the whole of the past year; and represent a 53-fold increase on the £3.4m in penalties handed out by the ICO last year.

Richard Breavington, partner at RPC, says: “The jump in whistleblowing reports of data breaches will be a concern to businesses. The ICO’s large fines mean data security continues to be a C-suite issue for businesses that hold personal data. GDPR has driven a cultural shift in how people perceive personal data and its value. More people now see it as part of their personal property, and they are more likely to act if they believe it is being misused.”

“The ICO has shown that it is a regulator to be respected. The FCA had traditionally been thought to be among the tougher regulators in the UK, but the fines the ICO is levying are now on a different scale.There were a lot of eyes on the ICO, waiting to see how it would use its new powers. Few foresaw it hitting a business with such a high fine at this stage. Boards should be moving to ensure their businesses are not just GDPR-compliant on paper, but that they are culturally doing everything possible to ensure appropriate standards of technical and organisational security.”

    Share Story:

YOU MIGHT ALSO LIKE


The Future of Risk & Resilience with AI & Data
CLDigital's Co-Founder, Tejas Katwala, joins CIR Magazine to discuss how CLDigital is transforming enterprise risk and resilience. By integrating business processes, AI and data-centric strategies, organisations can move beyond compliance to proactive risk management – simplifying operations, strengthening resilience, and driving business performance. Listen now to explore the future of intelligent risk management.

Investec is disrupting premium finance – Podcast
Investec made waves in entering the premium finance market, where listening and evolving in response to brokers made a real difference.

Advertisement