GDPR one month on: Large rise in privacy complaints across Europe

Jun 28, 2018 | Regulation

The ICO has reported a sharp rise in complaints after GDPR, from a rise in breach notifications from organisations, as well as more data protection complaints following the activation of the law.

Speaking to the Guardian, The UK’s Information Commissioner’s Office (ICO) said it has seen a rise in breach notifications from organisations, as well as more data protection complaints following the activation of the law.

Meanwhile, the French data protection regulator, CNIL, reported a 50% increase in the number of complaints since the legislation came into effect on 25 May, compared with the same period last year, according to Politico Europe.

A further 29 cases are under investigation at the European level, the site reports.

Across Europe, the regulation has also sparked greater transparency from firms that have suffered a data breach, with notifications spiking over the same period.

GDPR increases maximum fines for malpractice to €20m (£17.6m) or 4% of a company’s global turnover – whichever is higher – and companies are more likely to face higher fines if they delay reporting breaches.

In Austria, more than 100 complaints have been filed in the last month, along with 59 breach notifications – the same number that would typically be received in eight months.

An ICO spokesperson said: “It’s early days and we will collate, analyse and publish official statistics in due course. But generally, as anticipated, we have seen a rise in personal data breach reports from organisations. Complaints relating to data protection issues are also up and, as more people become aware of their individual rights, we are expecting the number of complaints to the ICO to increase too.”

Isabelle Falque-Pierrotin, the head of CNIL, told Politico: “The general public is interested about all the transparency obligations, consent and all the new rights.”

The bulk of the response to the legislation has been a substantial number of complaints against high-profile companies, such as those against Facebook and Google filed by privacy campaigners at the consumer rights organisation Noyb.

Ian Woolley, Chief Revenue Officer at Ensighten, commented on the findings: “It’s not surprising that the first month of GDPR has seen a sharp increase in the number of complaints to regulators across Europe, with the ICO revealing a sharp rise in breach notifications and data protection complaints – there’s clearly a strong public interest in the new rules.

“Even before GDPR was officially enforced, businesses and individuals expressed a lack of confidence, with our recent research showing that nearly half (45%) of UK businesses expected to be fined for GDPR non-compliance, and even put money aside in preparation.

“Prevention is better than cure (or penalty!) and those firms who really engage with the process will be treated more gently by regulators. It’s vital to have control over customer consent and data governance procedures from the moment a visitor lands on the website.”