Huge rise in GDPR complaints - who's to blame?
Since the General Data Protection Regulation (GDPR) came into effect, complaints about potential data breaches have more than doubled. Is this a surprise? And who’s fault is it anyway?
Recently, law firm EMW carried out research into complaints made to the Information Commissioner’s Office (ICO) about potential data breaches. They were especially interested in the rate of complaints since the GDPR came into effect on May 29th of this year.
The result? Since the end of May, such complaints have more than doubled. Between May 25th 2018 and July 3rd 2018, there were 6,281 data breach complaints, compared to 2,417 for the same period in 2017. That’s an increase of 160%. Those companies now find themselves in danger of paying large fines.
It seems that a number of these are ‘double-complaints’, where disgruntled consumers are making several, repeated complaints for each consecutive breach.
We wonder whether this increase should come as a surprise. The months prior to the May deadline, saw unprecedented activity
intense media coverage
seemingly endless coverage in the business community. Millions were made by businesses and individuals holding conferences, seminars and webinars.
Consequently, there is now far greater public focus and awareness on the accountability of businesses, regarding their handling of personal data.
EMW’s research shows that people are most likely to register complaints when their sensitive financial and personal data are at risk. Over 10% of all complaints (660) were made against the financial sector. The education and health sectors combined received 1,112 complaints.
We should all, regardless of the size of our business, be aware about this increase in complaints and the level of fines that can be potentially be imposed.
Under the new regulations, the maximum of each fine has been raised to £18m, or 4% of turnover.
James Geary of EMW says, ‘A huge increase in complaints is very worrying for many businesses, considering the scale of the fines that can now be imposed. There are some disgruntled consumers prepared to use the full extent of GDPR that will create a significant workload for businesses.
‘We have seen many businesses are currently struggling to manage the burden created by the GDPR, whether or not an incident even needs to be reported. The reality of implementation may have taken many businesses by surprise.
The tone here is sympathetic towards businesses who are struggling with the legislation. However, we would suggest that businesses have had many months to become compliant. This is a law which makes good sense. It is designed to protect individual’s personal information. So it’s natural that, following the wealth of publicity that preceded the regulations coming into effect, the public should be aware of the changes and take advantage of the opportunity to protect their interests.
Of course, the lesson for all businesses is simple. Be aware. Be compliant. Be safe from potential penalties.
This legal information is not the same as legal advice and you may not rely on our post as a recommendation of any particular legal understanding. Please, consult an attorney if you’d like to get an advice on your interpretation of this article.