Very few data breaches have led to fines since the implementation of GDPR last year. This is according to research from the personal data security platform Digi.me, which also discovered that members of the public have raised 37,798 data protection concerns since May 2018.
Few data breaches result in fines
As outlined in their blog, Digi.me obtained the data under the Freedom of Information Act. The company examined 11,468 self-reported data breach cases between May 25 2018 and the end of March 2019.
Overall, just 29 of these breaches resulted in financial penalties in the cases closed by the Information Commissioner’s Office (ICO). Indeed, this equated to a minuscule penalty rate of just 0.25%.
The data also revealed that members of the public raised 37,798 data protection concerns since 25 May 2018. Despite this, this figure amounts to almost three times the number of data breach cases the ICO investigated during this same period (12,854).
Lack of awareness
Julian Ranger, founder of Digi.me, offered a comment on the revealing dataset. “There is a clear problem with individuals and businesses over-reporting to the ICO,” he asserted.
“This data demonstrates the extent to which the ICO is inundated by concerns from businesses and the public,” Julian added. Despite this, he stated that “the vast majority of which are not serious enough for any kind of penalty or even to warrant an investigation.”
“Businesses and individuals are clearly unsure what constitutes a serious breach of sensitive data,” he said. According to Julian, the public has “no confidence” that companies are handling personal data in a responsible manner.
“Any organisation that collects personal data should put an informed consent process in place,” he insisted. In turn, this has “the double benefit of putting individuals back in control of their personal data while also being fully compliant with regulation.”
How can advanced artificial intelligence enhance cybersecurity? Listen to our podcast with industry experts in order to find out