Data breaches: whistleblower reports to watchdog skyrocket to hit record high

A

By Anthony Wolny

Author
A

By Anthony Wolny

Author

See full bio

Whistleblower reports on data breaches have continued to soar in the wake of GDPR, rising to record highs, a new report has found.

It’s been more than two years since the tougher data protection laws were brought in.

And according to analysis by London-headquartered law firm RPC, there was a 34% rise in whistleblower reports to the Information Commissioner’s Office in the last 12 months.

The figure jumped to 427 in the most recent period – up from 319 the previous year.

During the first year of GDPR there was a 175% increase.

Further action has been taken with 68 of the 427 most recent reports, including 23 considered for investigations. The ICO considered 55 for investigation in the previous year.

Why were the breaches flagged?

RPC, whose report was highlighted by The Telegraph, says that greater awareness of online fraud and other forms of data theft has “caused more people to report businesses for not taking proper precautions with the data they hold”.

The ICO states: “The GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible.

“If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.”

Have you thought about the sensitive staff data you store?

Although when you think about data breaches it’s natural to think of clients initially, the same problems and principles apply to employees.

Are you protecting your staff data securely and complying with GDPR? Our free guide can help you here. Download it for free.

Have you thought about all the personal data you hold on your staff? Think for a moment. It may include:

  • Salaries
  • Bank account details
  • Emergency contact information
  • Employment eligibility
  • Copies of documents, such as driving licenses and passports
  • medical conditions and health records

What are the problems and punishments?

Have you considered the risks and punishments attached to failing to comply? There are two obvious and both highly damaging prospects:

  1. Financial penalties
  2. Reputational damage

Huge fines can be imposed on employers who breach GDPR, including fines of up to €20 million or 4% of the business’ annual turnover.

Two of the highest profile cases so far have been British Airways and the Marriott Hotel group, with the ICO stating its intention to fine the former £183m and the latter £99m.

Richard Breavington, Partner at RPC, says: “Whistleblowing is now a major risk for businesses that fail to deal with a data breach properly, or who have failed to take reasonable steps to protect the data they hold on their customers.”

Is your employee data handling outdated?

How do you keep hold of this information currently? Is it all paper-based? Is it on unsecured computer systems? Does the way you store it comply with GDPR?

Have you considered a cloud-based HR system that enables you to securely and easily store and access your employee details?

In the age of COVID, solutions like this are even more important to consider, with the continuing need for you and staff to work from home – at least some of the time.

The ICO says on this: “Remote application solutions give staff access to the corporate applications they need whilst working from home. This can help prevent staff from using their own personal applications to process personal data.”

Download our free guide to discover more about successfully protecting your staff data.

Want to learn more about solutions to GDPR compliance? Email hello@iris.co.uk or call 0344 844 9644.