Only 0.25% of Reported Data Breaches Have Led to Fines Since GDPR
New data shows that only a minute percentage of data breach cases closed by the Information Commissioner’s Office (ICO) since the GDPR came into force have resulted in monetary penalties.
According to research from personal data security platform Digi.me, of 11,468 self-reported data breach cases handled by the ICO between May 25 2018 and the end of March 2019, just 29 resulted in penalties, or 0.25%, and none of those were issued under the GDPR but rather under the previous Data Protection Act 1998.
The data, obtained by Digi.me under the Freedom of Information Act, also showed that 37,798 data protection concerns have been raised by members of the public since the GDPR came into force. That figure is almost three times the number of actual data breach cases investigated by the ICO since May 25 2018.
Julian Ranger, founder of digi.me, said: “There is a clear problem with individuals and businesses over-reporting to the ICO. This data demonstrates the extent to which the ICO is inundated by concerns from businesses and the public, the vast majority of which are not serious enough for any kind of penalty or even to warrant an investigation.”
Digi.me’s analysis of the data revealed that the sectors with the most self-reported data breach cases include health, education and finance. The sensitive nature of the data collected by these sectors will only heighten existing concerns about personal data usage, Digi.me said.
Ranger continued: “Businesses and individuals are clearly unsure what constitutes a serious breach of sensitive data. There is no public confidence that ..