
GDPR sees data breach complaints sky-rocket

Published 06 September 2018

The number of complaints handed to cyber regulators in the UK has sky-rocketed since the implementation of the EU's General Data Protection Regulation (GDPR) legislation in May, it has been revealed.

The Information Commissioner’s Office (ICO) received 6281 complaints between May 25, when GDPR was officially launched, and July 3, TechCrunch reports.

During the same period last year, the ICO received only 2417 complaints – equating to a 160% increase this year. While the ICO does not separate complaints by type, a spokesperson said that the surge in post-GDPR complaints was expected.

“Generally, as anticipated, we have seen a rise in personal data breach reports from organisations,” an ICO spokesperson told TechCrunch.

“Complaints relating to data protection issues are also up and, as more people become aware of their individual rights, we are expecting the number of complaints to the ICO to increase too.”

A rapid increase in complaints related to GDPR mirrors the experience Australia has had with its own cyber legislation. In August, the Office of the Australian Information Commissioner (OAIC) released its first quarterly report which saw notified breach numbers hit a record high.

Robyn Adcock, Client Manager – Professional and Financial Risks at Gallagher, said that the evolving regulatory landscape should give businesses pause for thought.

“Barely a day goes by without some form of cyber breach making the news,” Adcock said.

“As legislation at home and abroad continues to develop, it is key that all businesses understand the cyber exposures they face and how best to mitigate against the threat of breaches that could be costly from both a financial and reputational perspective.”

While GDPR may be European legislation, it can still have an impact on Australian businesses.

“Legislation in Europe applies to any Australian business with ties to the region,” Adcock explained.

“In practice this means that if your business has a presence in the EU, offers goods and services in the EU, or monitors the behaviour of individuals in the EU, it is likely to fall under the remit of GDPR.”

The OAIC has previously said that it is committed to internationally co-ordinated cyber legislation and is therefore likely to work with European legislators to enforce GDPR. With fines and penalties of up to €20 million or 4% of annual global turnover, whichever is greater, cyber security and cyber insurance are becoming increasingly important.

“Cyber is no longer silent. With GDPR and mandatory breach notifications now a reality, cyber breaches are part of the public sphere, which brings with it challenges for all businesses,” Adcock added.

“At Gallagher, we are having ongoing discussions with both global and Australian insurers to determine how their policies are going to respond in the event of a breach within the European Union or Australia.”

This subject is explored in greater detail in the latest Gallagher Market Overview Report, Trust & Data: Into the Breach, which was published on 30 July. The report is available as a digital download.

Access the interactive online version of the report here

