Data breach complaints up 160% since GDPR came into force

For free real time breaking news alerts sent straight to your inbox sign up to our breaking news emails

Sign up to our free breaking news emails

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Complaints to the Information Commissioner’s Office (ICO) about potential data breaches have more than doubled since stricter regulations came into force in May.

The ICO received 6,281 complaints between 25 May and 3 July this year, a 160 per cent rise on the same period in 2017, figures from commercial law firm EMW show.

Under the General Data Protection Regulation (GDPR), companies can be fined €20 million (£16.5m) or 4 per cent of their worldwide turnover, significantly more than the maximum penalty of £500,000 available under the old law.

Greater media attention and government advertising have boosted individuals’ awareness of their data rights and there is now a more public focus on the accountability of businesses in this area, EMW said.

The figures show that firms holding sensitive personal information, including financial services, education and health were the most complained about, accounting for more than a quarter of the total.

Several companies have come under scrutiny for large-scale data breaches in recent months. On Friday, T-Mobile revealed that it had been hit by hackers who gained access to the details of around two million of its US customers.

That came two days after Superdrug warned its online customers in the UK to change their passwords after cybercriminals claimed to have obtained personal details from 20,000 accounts.

James Geary, principal at EMW, said: “A huge increase in complaints is very worrying for many businesses, considering the scale of the fines that can now be imposed.”

The regulations have also made it easier for people to access data that companies hold about them, leading to an increased volume of requests.

“There are some disgruntled individuals prepared to use the full extent of GDPR that will create a significant workload for businesses,” Mr Geary said.

“We have seen that many businesses are currently struggling to manage the burden created by the GDPR, whether or not that relates to the implementation of the GDPR or reportable data security breach incidents.”