Between May 25 2018, the day which GDPR (General Data Protection Regulation) was introduced, and the beginning of May this year, the ICO (Information Commissioner’s Office) received a total of 14,072 data breach notifications.
The number is up four times on the data breaches it logged from April 2017-18, which stood at 3,311.
New laws were designed to give people more control and access to the personal data collected from them by organisations, with more transparency and the threat of larger fines to those in breach of the rules also introduced.
The number of complaints from the public has also increased, almost doubling from around 21,000 the year before GDPR was introduced, to 41,054 this year.
However, a fine is yet to be issued under GDPR.
“The first fines under the General Data Protection Regulation are due to be issued soon, once the necessary legal processes have been completed,” an ICO spokeswoman said.
“However, we want organisations to focus on how data protection law can help them to get it right and enhance their reputations by earning people’s trust and confidence, rather than how they might be punished if they get it wrong.
“The introduction of GDPR was not a deadline but the start of an ongoing process and there is a lot more work to be done.
“That said, we will not hesitate to act in the public’s best interests when organisations wilfully or negligently break the law. The enforcement action we have planned during the coming months will demonstrate that.”
Separate data from across all countries where GDPR is applied, shows a total of 89,271 notifications of data breaches were received, while 144,376 were as a result of complaints.
Of these, almost two thirds (62.9%) have been closed, 37% are ongoing and 0.1% were appealed.
“Now more than ever before, consumers recognise how highly sought-after a commodity their personal information is to organisations and are demanding more from the companies they chose to do business with,” said David Blonder, data protection officer at BlackBerry.
“They also recognise the value it presents to malicious actors or the impact of misuse by organisations they trusted.
“Businesses should be taking preventative steps to protect personal information, rather than exploiting it, which means data protection and security should be paramount.
“Data privacy is no longer a nice to have or marketing strapline, businesses today must ensure that privacy is embedded by design in the development of services, products and business operations.”