Whistleblower data breach reports almost triple after GDPR crackdown
The ICO has come down hard on companies breaching GDPR recently, handing out almost £300 million in fines to British Airways and Marriott.
Whistleblower reports over data breaches have almost tripled over the past year since the introduction of GDPR.
Reports from whistleblowers over data protection surged by 175% to 379 in the year to May 2019, from 138 a year earlier, according to research from City law firm RPC.
The firm said that the introduction GDPR in May 2018 has made people more vigilant over the handling of personal data, increasing the number of reports to the Information Commissioner’s Office (ICO).
The ICO has come down hard on companies breaching GDPR rules in recent weeks, handing out almost £300 million in fines to British Airways (BA) and Marriott International.
Last week, British Airways was issued with a record £183 million fine by the ICO after personal data relating to around half a million passengers was compromised during the hacking incident.
Hotel group Marriott was also slapped with a fine of £99 million over a data breach which is estimated to have affected around 339 million customers.
Richard Breavington, partner at RPC, said: “The jump in whistleblowing reports of data breaches will be a concern to businesses.
“The ICO’s large fines mean data security continues to be a C-suite issue for businesses that hold personal data.
“There were a lot of eyes on the ICO, waiting to see how it would use its new powers.
“Few foresaw it hitting a business with such a high fine at this stage.”
The number of whistleblowers reporting data breaches declined by 16% in the year to May 2018 but shot up after the data protection crackdown.
The powers of the ICO, as well as its regulatory partners in Europe, were significantly bolstered by the law change.
It gave the watchdog the ability to issue fines of up to £18 million, or 4% of annual turnover, depending on which is greater.
Mr Breavington added: “GDPR has driven a cultural shift in how people perceive personal data and its value.
“More people now see it as part of their personal property, and they are more likely to act if they believe it is being misused.”