The number of whistle-blower reports received by the Information Commissioner’s Office (ICO) about potential data breaches at businesses has increased 165 per cent since the introduction of the General Data Protection Regulation (GDPR) in May.
There were 82 whistle-blower reports made to the ICO in the three months following GDPR coming into force on May 25 2018, up from the 31 made in the previous three months, according to recent research by law firm Reynolds Porter Chamberlain (RPC).
RPC explains that the ICO is actively soliciting whistle-blowers to come forward with any information, increasing the risk of any non-compliant activity at businesses being investigated and, potentially, fined.
Whistle-blower testimony was an important part of the Cambridge Analytica case.
As a result of the new GDPR rules and greater media exposure, individuals are now more aware of their responsibilities and willing to become whistle-blowers over data protection rights concerns.
Under GDPR, the cap on each individual fine for a breach is now €20 million (roughly £17.8 million) – or 4 per cent of worldwide turnover of the entity. This is more than 35 times higher than the old maximum fine of £500,000.
RPC says that the average value of a fine issued by the ICO has doubled to £146,000 in 2017-18, up from £73,000.
RPC partner Richard Breavington comments: “Data breaches are now regularly headline news stories and that means more whistle-blowers coming forward.”
“In recent years, data protection has become a major concern not just of Government and regulators, but also the general public. It is not just disgruntled employees who act as whistle-blowers, but genuinely concerned individuals.”
“With that increased pressure, along with the new responsibilities from GDPR, businesses need to have the right security protections and procedures in place or face potentially significant consequences if there is a data breach.”
“Businesses need to ensure, for instance, that their cyber insurance policies have access to the experts needed to contain any data breach and limit its potential impact.”
Insurance against data breaches is one of the fastest growing areas of the insurance industry.