[BreachExchange] 3 months after GDPR data breach complaints already more than doubled

Destry Winant destry at riskbasedsecurity.com
Wed Aug 29 09:33:28 EDT 2018


http://www.globallegalpost.com/big-stories/3-months-after-gdpr-data-breach-complaints-already-more-than-doubled-33719982/

Complaints to the UK’s Information Commissioner’s Office (ICO) about
potential data breaches have more than doubled since the General Data
Protection Regulation (GDPR) came into effect, according to research
from commercial law firm EMW.


Significant workload

There were 6,281 complaints between May 25 2018, when GDPR came into
force, and 3 July 2018, a 160% rise from just 2,417 complaints over
the same period in 2017. EMW says that businesses should be concerned
about the significant increase in complaints and the size of potential
fines that can be levied under the new GDPR. Under the new regulations
the cap on each fine is now €20 million (roughly £16.5 million) – or
4% of worldwide turnover of the entity being fined – 33 times more
than the maximum £500,000 fine under the old law. James Geary,
Principal at EMW, comments ‘a huge increase in complaints is very
worrying for many businesses, considering the scale of the fines that
can now be imposed. There are some disgruntled individuals prepared to
use the full extent of GDPR that will create a significant workload
for businesses.’

Taken by surprise

EMW adds that individuals are most likely to make complaints when
their sensitive personal and financial data is at risk. The financial
services sector received over 10% of all complaints (660), with
businesses in the education and health sectors receiving a combined
1,112 complaints. Mr Geary explains, ‘we have seen that many
businesses are currently struggling to manage the burden created by
the GDPR, whether or not that relates to the implementation of the
GDPR or reportable data security breach incidents.’ He adds, ‘despite
this being on the horizon for a couple of years, the reality of the
work involved in implementation and ongoing compliance may have taken
many businesses by surprise.’ Mr Geary concluded, ‘the more data a
business has, the harder it is to respond quickly and in the correct
compliant manner.’

