ICO helps business as data breach notifications soar


Regulator fines and a sharp rise in the number of data breach notifications sent to the ICO suggest the GDPR effect is kicking in.

The UK data watchdog has said it is experiencing a four-fold increase in the number of personal data breach reports in 2018/19 over the number from the previous 12-month period.

In an “unprecedented” year in data protection, the staff at the UK regulator received 13,840 reports in comparison to the 3,311 received over 2017/18.

As revealed by figures in the ICO’s annual report, the figure regarding public complaints rose in similar fashion over the same time-frame. General business organisations sent the most (18%) reports, while 16% and 13% of the notifications came from health and education respectively.

The last two years have also seen an increase in businesses reaching out to the ICO for guidance, with instances of phone calls, live chats and written advice going up from 283,727 in 2017/18 to 471,224 in 2018/19.

Information Commissioner, Elizabeth Denham, said:

“The ICO has covered an enormous amount of ground over the last year. This spanned the introduction of GPR to record-setting fines and a record number of people raising data protection concerns. The biggest moment of the year was the GDPR coming into force.

“This saw people wake up to the potential of their personal data, leading to greater awareness of the role of the regulator when their data rights aren’t being respected. The doubling of concerns raised with our office reflects that.”

The UK regulator has also noted a marked increase in its workforce, with staff numbers shooting up from 505 to over 700. Most of the newly acquired workers are taking care of data protection complaints and dealing with customer advice.

Elizabeth Denham continued:

“So many of our conversations are around the use of personal data in digital services. It is early stages, but the GDPR has so far demonstrated that it is a law that can work alongside emerging technologies and creative approaches.

“There’s no dichotomy between digital innovation and data protection. But progress relies on consumers trusting organisations with their data, and organisations stand at the front line on this.”

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/