Complaints to the UK’s Information Commissioner’s Office (ICO) about potential data breaches have more than doubled since the General Data Protection Regulation (GDPR) came into effect, according to research from commercial law firm EMW.
There were 6,281 complaints between 25 May 2018, when GDPR came into force, and 3 July 2018, a 160% rise from just 2,417 complaints over the same period in 2017. EMW says that businesses should be concerned about the significant increase in complaints and the size of potential fines that can be levied under the new GDPR. Under the new regulations the cap on each fine is now €20 million (roughly £16.5 million) – or 4% of worldwide turnover of the entity being fined – 33 times more than the maximum £500,000 fine under the old law.

James Geary, Principal at EMW, comments, ‘a huge increase in complaints is very worrying for many businesses, considering the scale of the fines that can now be imposed. There are some disgruntled individuals prepared to use the full extent of GDPR that will create a significant workload for businesses.’
Taken by surprise
EMW adds that individuals are most likely to make complaints when their sensitive personal and financial data is at risk. The financial services sector received over 10% of all complaints (660), with businesses in the education and health sectors receiving a combined 1,112 complaints. Mr Geary explains, ‘we have seen that many businesses are currently struggling to manage the burden created by the GDPR, whether or not that relates to the implementation of the GDPR or reportable data security breach incidents.’ He adds, ‘despite this being on the horizon for a couple of years, the reality of the work involved in implementation and ongoing compliance may have taken many businesses by surprise.’ Mr Geary concluded, ‘the more data a business has, the harder it is to respond quickly and in the correct compliant manner.’