April 2019

The ICO has now had almost a year to assess the impact of the Data Protection Act 2018 (‘DPA 2018’) and the General Data Protection Regulation (‘GDPR’). The GDPR was designed and introduced to enhance individuals’ rights over their personal data and how that data is processed by organisations. As a result, and as anticipated, the ICO has seen a sharp increase in the number of complaints and a rise in notifications of data breaches since the introduction of the GDPR and the DPA 2018. In August 2018, it was reported that the ICO had received over 6,000 data protection-related complaints in the two months following the introduction of the GDPR, compared with just 2,417 complaints it received in the previous year. The rise in complaints and notifications is, arguably, a direct result of people understanding and exercising their enhanced rights under the GDPR.

For many businesses, compliance with the GDPR continues to prove challenging. Organisations need to know how to recognise subject access requests and the other rights belonging to the data subject under the GDPR and DPA 2018, and when to notify the ICO of a data breach, in order to avoid the financial consequences. The rise in the number of data-related complaints and data breach notifications serves as a reminder to organisations that the GDPR must be taken seriously. Showing a commitment to the principles that underpin the legislation will be instrumental in helping organisations avoid large financial penalties.

Data obtained from the European Data Protection Board.