Significant rise in number of data breach notifications since introduction of GDPR

19 Jun 2019

Research carried out by law firm Pinsent Masons has suggested that, since the introduction of the General Data Protection Regulation (GDPR) on 25 May 2018, there has been a 'significant rise' in the number of data breach notifications reported to regulatory body the Information Commissioner's Office (ICO).

The GDPR applies to all businesses in the UK, regardless of size or structure. It places greater emphasis on transparency and accountability, and holds firms accountable for safeguarding the collection, usage and storage of individuals' personal data.

According to the research, UK businesses are 'reporting data breaches in a greater number than in many other parts of the EU'. Since the introduction of the GDPR, the ICO has received a monthly average of 1,276 data breach notifications. This equates to 43 notifications per day, Pinsent Masons revealed.

'The spike seen in incidents reported to the ICO can, in part, be attributed to the greater awareness of the new 72-hour timeframe under the GDPR,' said Stuart Davey, Senior Associate at Pinsent Masons.

'There is a lack of detailed regulatory guidance to help the assessment of whether the reporting threshold has been met, which means that it is often very difficult for data controllers to make a finding at such an early stage. As a result, many are understandably choosing to notify on a precautionary basis to avoid falling foul of the new requirements, or receiving a significant GDPR fine.'

Businesses who fail to comply with the GDPR are subject to stringent financial penalties, with fines costing up to €20 million, or up to 4% of total annual worldwide revenue, whichever is the greater.