Significant rise in number of data breach notifications since introduction of GDPR

19 Jun 2019

Research carried out by law firm Pinsent Masons has suggested that, since the introduction of the General Data Protection Regulation (GDPR) on 25 May 2018, there has been a 'significant rise' in the number of data breach notifications reported to regulatory body the Information Commissioner's Office (ICO).

The GDPR applies to all businesses in the UK, regardless of size or structure. It places greater emphasis on transparency and accountability, and holds firms accountable for safeguarding the collection, usage and storage of individuals' personal data.

According to the research, UK businesses are 'reporting data breaches in a greater number than in many other parts of the EU'. Since the introduction of the GDPR, the ICO has received a monthly average of 1,276 data breach notifications. This equates to 43 notifications per day, Pinsent Masons revealed.

'The spike seen in incidents reported to the ICO can, in part, be attributed to the greater awareness of the new 72-hour timeframe under the GDPR,' said Stuart Davey, Senior Associate at Pinsent Masons.

'There is a lack of detailed regulatory guidance to help the assessment of whether the reporting threshold has been met, which means that it is often very difficult for data controllers to make a finding at such an early stage. As a result, many are understandably choosing to notify on a precautionary basis to avoid falling foul of the new requirements, or receiving a significant GDPR fine.'

Businesses who fail to comply with the GDPR are subject to stringent financial penalties, with fines costing up to €20 million, or up to 4% of total annual worldwide revenue, whichever is the greater.

Home | Contact us | Site map | Accessibility | Disclaimer | Help |

© 2024 Penn Management Services. All rights reserved. | Company Number: 03655701

Penn Management Services, 1 & 2 Heritage Park, Cannock, Staffordshire WS11 7LT
We use cookies on this website, you can find more information about cookies here.

In accordance with the disclosure requirements of the Services Regulations 2009, our professional indemnity insurer is Allied World Assurance Company (Europe) Limited, of 20 Fenchurch Street, 18th and 19th Floors, London EC3M 3BY. The territorial coverage is worldwide excluding professional business carried out from an office in the United States of America or Canada and excludes any action for a claim brought in any court in the United States of Amercia or Canada.

We are registered to carry on audit work in the UK by the Institute of Chartered Accountants in England and Wales and details about our audit registration can be viewed at www.auditregister.org.uk, under reference number C008875364.