UK Data Complaints Double Under GDPR

Data protection complaints have more than doubled in the UK since new rules under the General Data Protection Regulation (GDPR) came into force in May, the data regulator’s figures show.

The Information Commissioner’s Office (ICO) said it received 6,281 complaints from 25 May to 3 July, compared with 2,417 in the same period last year.

The complaints include individuals reporting the use or distribution of their personal data without permission and companies reporting incidents in which data they held was accessed.

Complaints involving the financial services, education and health sectors made up more than a quarter of the total, with financial services alone comprising one in 10 of the complaints.

Large fines

The figures are likely to reflect a rise in awareness and understanding of data protection laws by businesses and consumers alike, according to law firm EMW, which obtained the information through a freedom of information request.

The new regulations expose firms to fines of 20 million euros (£17m) or 4 percent of global annual turnover in the most serious cases.

Data protection cases have gained increasing visibility in the media, with the ICO in July imposing a penalty of £500,000, the maximum allowed under previous rules, on Facebook for allowing now-defunct political consultancy Cambridge Analytica to use the data of tens of millions of its users and for its lack of transparency about how such data is made use of.

The new regulations represent a significant burden for companies and regulators alike, EMW found, with the ICO saying it is adding staff to cope with GDPR complaints.

The regulator is moving from 530 full-time equivalent staff to 720 in the near future, nearly double its staffing levels in 2015.

Workload

The rules also form a “significant workload” for businesses, said EMW principal James Geary.

“We have seen that many businesses are currently struggling to manage the burden created by the GDPR, whether or not that relates to the implementation of the GDPR or reportable data security breach incidents,” he said, adding that the large potential fines are “worrying”.

“Despite (the GDPR) being on the horizon for a couple of years, the reality of the work involved in implementation and ongoing compliance may have taken many businesses by surprise,” he said.

New tasks include providing individuals with the data companies hold on them, an obligation under the GDPR.

The ICO said the rise in reports was due to more people becoming “aware of their individual rights”, and confirmed it is recruiting “all levels of staff, including 10 new director roles… to give us the capacity, capability and resilience to tackle our regulatory brief”.

Its funding is set to increase from £24m to £38m in 2018-19, the agency said.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago