The number of whistleblower reports to the ICO over data breaches has jumped 175% in the year since the introduction of GDPR, from 138 in 2017/18 to 379 in 2018/19*, says City-headquartered law firm RPC.
RPC says that the introduction of GDPR in May 2018 has made people significantly more vigilant about, and aware of, the handling of personal data, and more likely to report potential data breaches.
The firm adds that the sudden increase in whistleblower reports will be a real concern to businesses, particularly given the £283m in blockbuster data breach fines recently handed out by the ICO to British Airways and hotel group Marriott International.
Those two fines, issued in little more than 24 hours, amount to more than three quarters of the total fines issued by the Financial Conduct Authority in the whole of the past year. They also represent a 53-fold increase on the £3.4m in penalties levied by the ICO last year.
Richard Breavington, Partner at RPC, says: “The jump in whistleblowing reports of data breaches will be a concern to businesses. The ICO’s large fines mean data security continues to be a C-suite issue for businesses that hold personal data.”
“GDPR has driven a cultural shift in how people perceive personal data and its value. More people now see it as part of their personal property, and they are more likely to act if they believe it is being misused.”
“The ICO has shown that it is a regulator to be respected. The FCA had traditionally been thought to be among the tougher regulators in the UK, but the fines the ICO is levying are now on a different scale.”
“There were a lot of eyes on the ICO, waiting to see how it would use its new powers. Few foresaw it hitting a business with such a high fine at this stage.”
“Boards should be moving to ensure their businesses are not just GDPR-compliant on paper, but that they are culturally doing everything possible to ensure appropriate standards of technical and organisational security.”