The number of whistleblower reports to the ICO over data breaches has risen 175% in the year since the introduction of GDPR, from 138 in 2017/18 to 379 in 2018/19, according to figures obtained by law firm RPC.

RPC says that the introduction of GDPR in May 2018 has made people significantly more vigilant and aware about the handling of personal data, and more likely to report potential data breaches. The firm adds that the sudden increase in whistleblower reports will be worrying for businesses, especially given the £283m in data breach fines recently issued by the ICO to British Airways and hotel group Marriott International.

Those two fines amount to more than three quarters of the total fines issued by that other well-known regulator, the Financial Conduct Authority, in the whole of the past year; and represent a 53-fold increase on the £3.4m in penalties handed out by the ICO last year.

Richard Breavington, partner at RPC, says: “The jump in whistleblowing reports of data breaches will be a concern to businesses. The ICO’s large fines mean data security continues to be a C-suite issue for businesses that hold personal data. GDPR has driven a cultural shift in how people perceive personal data and its value. More people now see it as part of their personal property, and they are more likely to act if they believe it is being misused.”

“The ICO has shown that it is a regulator to be respected. The FCA had traditionally been thought to be among the tougher regulators in the UK, but the fines the ICO is levying are now on a different scale.There were a lot of eyes on the ICO, waiting to see how it would use its new powers. Few foresaw it hitting a business with such a high fine at this stage. Boards should be moving to ensure their businesses are not just GDPR-compliant on paper, but that they are culturally doing everything possible to ensure appropriate standards of technical and organisational security.”

Share Story: