Four times as many data breaches have been logged in the UK since the introduction of the strict General Data Protection Regulation (GDPR) last May, according to the UK’s Information Commissioner’s Office (ICO).

Public complaints have also doubled, from around 21,000 to 41,000. This data suggests that the GDPR has elevated awareness regarding the importance of personal information.

However, fines in the UK have not yet been issued under GDPR. The legislation was designed to give people more authority over their personal data being collected.

Companies must now inform the regulator – the ICO in the UK – within 72 hours if they lose data or share it without permission. Businesses can also be fined up to 20 million euros (£17.6m) or 4% of their annual global turnover – whichever is larger – if they break the GDPR law.

The ICO has emphasised that strict fines are on the horizon, but it wants organisations “to focus on how data protection law can help firms to get it right…rather than how they might be punished if they get it wrong”.

In January 2019, the French data regulator CNIL fined Google £44m for a breach of the EU’s data protection rules. The regulator said it judged that people were “not sufficiently informed” about how Google collected data to personalise advertising. Among all EU countries, there have been 89,271 notifications of data breaches with an additional 144,376 public complaints.

Richard Breavington, partner at law firm RPC, said: “The ICO has already begun to ratchet up the value of fines, and it has barely scratched the surface of its powers.

“The first large-scale loss or misuse of individuals’ data under GDPR will be an important ‘test case’ for the ICO, which will show us how far the regulator is prepared to go in using its new powers – this is a key area to watch. However, we don’t expect to see blockbuster fines being levied in the near future.”
