Why Did Data Breach Reports and Complaints Increase Post-GDPR?


The implementation of the General Data Protection Regulation (GDPR) gave EU residents new legal rights and freedoms. Citizens have more control over the private information that businesses gather, process, and use.

Under the GDPR, EU residents may submit complaints to the appropriate authority if they think that a firm is not using their personal data appropriately or is not protecting it. For particular data breaches, the GDPR requires breach notifications to be sent within 72 hours of discovery.

Since May 25, 2018, when the GDPR was enacted, there has been notable growth in the number of reported breaches in European countries. In just three months of GDPR enforcement, reported data breaches in the UK quadrupled, while the number doubled in Ireland.

A study conducted by Kroll showed that 75% more data breaches were reported in the past year to the Information Commissioner (ICO), the supervising authority in the UK. More than 2,000 data breaches due to human error were reported last year, whereas only 292 data breaches were reported the previous year.

The most prevalent causes of breaches based on the number of reported cases were:

  • emails sent to the wrong recipients, with 447 incidents
  • misdirected letters and fax communications containing private data, with 441 incidents
  • missing or stolen physical records, with 438 incidents
  • unauthorized personal data access resulting from a cyberattack, with 102 cases

Out of the 2,000 reported breaches, 1,214 were reported by healthcare organizations. The reported figures show that data breaches increased, although the majority of the reported breaches happened before the GDPR was implemented. Kroll thinks that the growth in number resulted from the greater transparency of UK firms that want to be in compliance with the GDPR rules.

Kroll furthermore explained that the significant growth in fines issued for preventable data breaches likewise affected the number of reported breaches. Prior to the GDPR, penalties issued in the United Kingdom were limited to £500,000. Under the GDPR, penalties can reach £20 million or 4% of global annual turnover, whichever is higher. Companies do not want to risk such a big fine and the other costs associated with breaches, including repairing a damaged reputation. So, they invest more in data protection solutions.

Consumers have also submitted more privacy and data security complaints since the GDPR. The number doubled in the first three months of GDPR enforcement. Only 2,310 complaints were submitted to ICO in May. In June, received complaints totaled 3,098, and in July, 4,214. In other European countries, there was likewise a significant increase in complaints. France recorded a 37% increase in complaints between May 25 and July 31, 2018, compared to the previous year. In Ireland, there was a 65% increase in complaints.