Since GDPR came into force just over a year ago, complaints to the Information Commissioner’s Office (ICO) have almost doubled – up from 21,000 to 41,000. More than 14,000 data breaches have also been logged with the ICO.
Across all the EU countries which have implemented GDPR, there have been a total of 89,271 notifications of data breaches, and 144,376 complaints from the public.
The prevailing theory is that the number of data breach complaints is on the rise simply because GDPR has raised awareness of the importance of personal information.
Even so, no fines have yet been issued in the UK for a breach of the GDPR rules – so, has it really all been worth it?
What is GDPR?
General Data Protection Regulation (GDPR) is a data protection law that came into force across the EU on May 25, 2018. It was designed to give people more control over the data being collected about them. If your business contacts customers in any way (by telephone, text or email) or even just has a customer-facing website, you’ll need to be compliant with the legislation.
For more information, check out our Small Business Guide to GDPR.
What are the consequences of breaching GDPR?
GDPR rules state that if your company loses personal data or shares it without the individual’s permission, you have 72 hours in which to inform the regulator, which is the ICO in the UK. If a company is found to have broken the law, it can be fined the greater of €20 million (£17.6 million) or 4% of its annual turnover.
Although no fines have yet been issued, the ICO is keen to stress that the role of GDPR is to bring about real change rather than to bring in money through fines. An ICO spokesman said that although fines will follow, the regulator wants companies “to focus on how data protection law can help firms to get it right… rather than how they might be punished if they get it wrong”.
Which companies have fallen foul of GDPR?
Google has been the biggest casualty of the data legislation so far, having been fined €50 million in France for GDPR breaches.
But it’s not the only company to fall foul of GDPR – a Portuguese hospital was fined €400,000 after its staff used bogus accounts to access patient records, while a German social media and chat service was fined €20,000 for storing users’ passwords in plain text.
If your business isn’t yet GDPR compliant, you’ll need to sort that out as soon as possible. For tips on how to make sure you’re on the right side of the legislation, check out General Data Protection Regulation (GDPR) at local.gov.uk.