GDPR introduction sees whistle-blower reports on data breaches rise 165%

Published on 17 December 2018

The number of whistle-blower reports received by the Information Commissioner’s Office (ICO) about potential data breaches at businesses has increased 165% since the introduction of the General Data Protection Regulation (GDPR) in May.

There were 82 whistle-blower reports made to the ICO in the three months following GDPR coming into force on May 25 2018, up from the 31 made in the previous three months.*


RPC explains that the ICO is actively soliciting whistle-blowers to come forward with any information, increasing the risk of any non-compliant activity at businesses being investigated and, potentially, fined.


Whistle-blower testimony was an important part of the Cambridge Analytica case.


As a result of new GDPR regulations and greater media exposure, individuals are now more aware of their responsibilities and willing to become whistle-blowers over data protection rights concerns.


Under GDPR, the cap on each individual fine for a breach is now €20 million (roughly £17.8 million) – or 4% of worldwide turnover of the entity. This is more than 35 times higher than the old maximum fine of £500,000.


Recent research by RPC shows that the average value of a fine issued by the ICO has doubled to £146,000 in 2017-18, up from £73,000.


Richard Breavington, Partner at RPC, comments: “Data breaches are now regularly headline news stories and that means more whistle-blowers coming forward.”


“In recent years, data protection has become a major concern not just of Government and regulators, but also the general public. It is not just disgruntled employees who act as whistle-blowers, but genuinely concerned individuals.”


“With that increased pressure, along with the new responsibilities from GDPR, businesses need to have the right security protections and procedures in place or face potentially significant consequences if there is a data breach.”


“Businesses need to ensure, for instance, that their cyber insurance policies have access to the experts needed to contain any data breach and limit its potential impact.”


Insurance against data breaches is one of the fastest growing areas of the insurance industry. Data breach services such as RPC’s ReSecure can help to protect the data and reputation of companies if they become victims of a hack.


ReSecure provides companies with access to data breach management, technical forensic investigation, legal advice, notification, web and credit monitoring and public relations services.


*June-August 2018 compared to February-April 2018
