GDPR Prompts Flood Of Data Complaints


The number of complaints filed with the U.K. data protection watchdog has more than doubled since the General Data Protection Regulation (GDPR) went into effect at the end of May.

Between May 25 and July 3, there were 6,281 complaints filed with the Information Commissioner’s Office (ICO) — more than double the number during the same period the previous year.

The ICO does not separate out its complaints by type, so it’s unclear whether most of the recent ones are GDPR-related. However, the agency does admit that it expects the figures to climb.

“Generally, as anticipated, we have seen a rise in personal data breach reports from organizations,” said an ICO spokesperson, according to reports. “Complaints relating to data protection issues are also up and, as more people become aware of their individual rights, we are expecting the number of complaints to the ICO to increase too.”

This news is in line with the boost in complaints in Ireland, with more than half related to GDPR.

GDPR allows European citizens to request their data from companies, as well as request for their data to be corrected and deleted under the “right to be forgotten” provision. Companies that fail to follow the new rules can face fines as high as €20 million (£16.5 million), or 4 percent of their global annual revenue.

But a recent study has found that three months in, GDPR compliance rates are low, showing that only 20 percent of firms are fully compliant.

The law firm EMW was able to obtain the figures on consumer complaints following a Freedom of Information request.

“Despite this being on the horizon for a couple of years, the reality of the work involved in implementation and ongoing compliance may have taken many businesses by surprise,” said James Geary, principal at EMW. “Failing to respond promptly to subject access requests or right to be forgotten requests could result in a fine, and the time involved in responding properly should not be underestimated.”