Data breaches double since GDPR


The Information Commissioner’s Office (ICO) has received more than double the number of complaints regarding potential data breaches since the implementation of General Data Protection Regulation (GDPR) laws in May.

Data from law firm EMW revealed that the number of complaints to ICO, between the 25th of May and the 3rd of July this year, increased by 160 per cent in comparison to figures between the dates last year. In fact, there was 6,281 calls in this period.

The new GDPR laws dictate that any company with breaches that have occurred since the 25th of May will be required to pay the higher figure of either 20 million euros or 4 per cent of their annual worldwide revenue.

However, as most organisations reported their security breaches prior to the rollout of new laws, none have officially been fined as a result.

In light of the Facebook-Cambridge Analytica scandal, and the compromised data of an estimated 10 million customers associated with Dixons Carphone, it comes as no surprise that regulations need to be tightened imminently – for the sake of protecting individuals’ information and privacy across the world, as well as protecting the reputation of businesses.

Principal at EWM, James Geary, said: “A huge increase in complaints is very worrying for many businesses, considering the scale of the fines that can now be imposed.

“We have seen that many businesses are currently struggling to manage the burden created by the GDPR, whether or not that relates to the implementation of the GDPR or reportable data security breach incidents.”

In a post-GDPR world, however, Superdrug has been recorded as the first and latest victim of a cyber attack. The company announced this month that a hacker had taken data from “other websites” and used the same credentials to infiltrate their systems to steal as many as 20,000 customers’ private details.

Further to this, Superdrug appears to have strayed from protocol in its response to the breach, by not resetting customers’ passwords upon learning of the hack. Thus, the company cannot claim to have done everything in its power to reduce the damage resulting from the attack.

EWM commented that since so many people were now fully aware of their GDPR rights, it was high time businesses became serious about their approach to cybersecurity and putting in place all measures possible to prevent a hack as best as possible.

Ian Woolley, chief revenue officer at Ensighten – a data privacy company – said: “Governing bodies need to be tighter on the misuse of data and follow through with their word of placing financial sanctions on those who do not adhere to the regulation.

“Brands need to stop viewing GDPR as just a legal hurdle to jump. Consistent data governance is the only way to ensure brands aren’t putting their customers or reputation at risk.”

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related. Follow Lee on .

Leave a Reply

Your email address will not be published. Required fields are marked *