Regulators across Europe, have recorded a sharp increase in the number of data-related complaints and data breach notifications since the General Data Protection Regulation (GDPR) came into force on 25 May 2018. The GDPR has radically reshaped how businesses can collect, use and store personal information. As a result of the new and expanded rights for people to know how their data is being used, and to decide whether it is shared or deleted, regulators are being overwhelmed with complaints and businesses are increasingly finding themselves subject to data breaches.
The UK’s Information Commissioners Office (ICO), has received 1,106 data protection complaints in the three weeks following the GDPR’s introduction, and has reported that data breach notifications, which are mandatory under the GDPR for most data security breaches, have also increased. Companies such as Thomas Cook and Dixons Carphone are amongst the UK companies who have recently disclosed data breaches . This trend has not been limited to the UK. With Ireland’s Data Protection Commission receiving 547 breach notifications and 386 complaints in the first month following the introduction of the GDPR. Similarly, the Czech Republic and France have also experienced a high number of complaints, with over 400 each. France in particular, has already seen the volume of complaints increase by more than 50% compared to the same period last year. Again, this has been reflected in Austria, with the Austrian watchdog reporting that the volume of notifications it has received in the past month equating to the same number of notifications received in the eight month period prior to the introduction of the GDPR.