The number of data breaches reported by whistleblowers to the Information Commissioner’s Office (ICO) has jumped 175 per cent in since the General Data Protection Regulation (GDPR) was introduced.

A Freedom of Information request from law firm RPC revealed that the number of breaches highlighted by individuals concerned over consumer data privacy rose to 379 reports in 2018-2019, from 138 in 2017-18.

The findings come after the ICO stepped up its enforcement action for breaches under the GDPR rules, which last week saw the data watchdog announce its intention to fine British Airways £183m and Marriott International £99m over data breaches.

The fines represent a 53-fold increase on the £3.4 million in penalties levied by the ICO last year.

RPC suggested that the introduction of GDPR in May 2018 has led to greater awareness over the consequences of data and cyber security breaches for personal data, as well as the requirement to report identified breaches within a 72 hour window.

Richard Breavington, partner at RPC, said: “The jump in whistleblowing reports of data breaches will be a concern to businesses – the ICO’s large fines mean data security continues to be a C-suite issue for businesses that hold personal data.

“GDPR has driven a cultural shift in how people perceive personal data and its value, more people now see it as part of their personal property, and they are more likely to act if they believe it is being misused.”

He added: “Boards should be moving to ensure their businesses are not just GDPR-compliant on paper, but that they are culturally doing everything possible to ensure appropriate standards of technical and organisational security.”

Share Story: