Complaints to the ICO have doubled since GDPR came into effect

Since the General Data Protection Regulation (GDPR) came into effect, data breach complaints to the Information Commissioner's Office (ICO) have “more than doubled”.

That’s according to findings by the law firm EMW, which found that 6,281 complaints were lodged between the GDPR’s May 25 implementation this year and July 3. That represented a 160% rise on the 2,417 complaints received in the same period the year prior.

For the digital marketing industry, the figures should be concerning, given the substantial fines facing companies found to be in breach of the regulations. Companies soon face a maximum fine of £16.5m, 33 times more than the current £500K - or 4% of annual turnover.

While the response to the update was questionable before the regulations came into effect, the number of complaints received shows consumers are savvy to GDPR, and brands should take extra precautions to ensure their marketing and use of data is compliant.

“A huge increase in complaints is very worrying for many businesses, considering the scale of the fines that can now be imposed. There are some disgruntled consumers prepared to use the full extent of GDPR that will create a significant workload for businesses,” said James Geary, a member of EMW’s commercial contracts team.

EMW suggests that this heightened awareness of individual data rights is a result of high-profile media publicity and government advertising, leading to a greater public focus on accountability of all businesses handling personal data.

Consumers were most likely to make complaints when their concerns were regarding use of their personal and financial data. Companies operating within the financial sector made up 10% of all complaints, amounting to 660, while those in the education and health sectors received 1,112 in total.

Geary commented; “We have seen many businesses are currently struggling to manage the burden created by the GDPR, whether or not an incident even needs to be reported. The reality of implementation may have taken many businesses by surprise.”

Geary added that emails remain one of the biggest challenges for marketers following GDPR, as failure to respond promptly to subject access requests or right to be forgotten requests could result in a fine; “The more data a business has, the harder it is to respond quickly and in the correct compliant manner,” said Geary.

Yesterday, Marketing Tech reported how Google had quietly paid Mastercard “millions of dollars” for offline data on over 2bn cardholders in order to help attribute its advertising to sales on the high-street.

While not officially in breach of regulations, and both parties insisting that the data could not be used to identify individual consumers or purchases, the revelation led to widespread concern around the use of financial data without direct cons.

Interested in hearing leading global brands discuss subjects like this in person?

Find out more about the Digital Marketing World Forum (#DMWF) international event series, next arriving in New York from November 7-8.

Related Stories

Leave a comment

Alternatively

This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.