GDPR stokes jump in data protection whistleblowing
THE number of whistleblowers reporting potential breaches to Britain’s data protection watchdog rose by a third last year, figures show.
A total of 427 reports were made to the Information Commissioner’s Office in the 12 months to the end of March, according to City law firm RPC.
The ICO took “further action” on 68 of the reports, with a further 23 considered for investigation, down from 55 in 2018. Reports to the watchdog have surged since the introduction of the GDPR legislation two years ago. Before that, 140 reports had been made.
Under the legislation, companies are obliged to inform the ICO within 48 hours of discovering a cyber attack that affects personal data.
Businesses can now be fined up to 4pc of their annual turnover.
RPC said that an increase in online fraud and other forms of data theft had forced people to report businesses for not taking proper precautions.
Partner Richard Breavington said whistleblowing was a “major risk” for firms failing to deal with data properly.