Report: U.K. Data Privacy Complaints Spike Under GDPR Enforcement
Nearly 6,300 documented grievances have been filed by U.K. individuals and companies claiming their personal data has been accessed without permission since the European Union’s General Data Protection Regulation (GDPR) took effect in late May, a new report said.
And, that’s only for the six weeks from the regulation’s launch last May 25 to July 3, more than 2.5 times the number recorded in the same period last year, according to data compiled by the U.K.’s Information Commissioner’s Office (ICO), a regulatory watchdog, the Financial Times (FT) said.
The figures, obtained by a law firm under a freedom of information (FOI) filing, include companies self-reporting episodes of privacy breaches. Roughly 10 percent of the complaints are linked to financial services, with others coming from the education, health and local government sectors, the report said.
An increase in awareness of data privacy rights by consumers and businesses is propelling the sharp rise in data breach reports, to where the ICO is hiring at a feverish pace and its annual funding is expected to rise more than 50 percent to £38 million ($49 million) in 2018-19, the agency said, the FT reported.
The spike in objections should alert businesses, James Geary, a principal at EMW, the law firm making the FOI request, told the FT. “A huge increase in complaints is very worrying for many businesses, considering the scale of the fines that can now be imposed,” he reportedly said. “Despite [GDPR] being on the horizon for a couple of years, the reality of the work involved in implementation and ongoing compliance may have taken many businesses by surprise,” Geary is quoted as saying.
Last month, the ICO hit social media giant Facebook with the maximum penalty of £500,000 (roughly $650,000) under earlier data protection laws, over its sharing with Cambridge Analytica of personal data on millions of its users without their permission and not protecting their private information.
Had Facebook been fined under the GDPR the penalty would have been $1.6 billion, according to a Business Insider calculation.
A recent survey on organizational awareness and preparedness on GDPR conducted by the Cloud Security Alliance (CSA) found that nearly 90 percent of respondents were concerned about incurring GDPR-related fines. CSA said that on average organizations have set aside an nearly $4.3 million for expected GDPR penalties.
While administrative fines under the GDPR can reach an imposing 20 million euros or four percent of annual global sales, a second level of fines of 10 million euros or two percent of global annual revenue involves infringing on data protection rights, according to consultant I-Scoop.