Businesses have been hit by a surge of whistle-blowers over data breaches since the introduction of the General Data Protection Regulation (GDPR) in May.
The Information Commissioner’s Office (ICO), which is actively encouraging whistle-blowers to come forward, received 82 reports in the three months after the GDPR took effect, a rise of 165% on the 31 made in the previous three months.
Whistle-blower testimony was an important part of the Cambridge Analytica case.
GDPR fines can be as high as €20m (about £17.8m) or 4% of the entity’s worldwide turnover. This is more than 35 times the old maximum fine of £500,000.
Recent research by City law firm RPC found the average value of an ICO fine had doubled to £146,000 in 2017-18, up from £73,000. Insurance against data breaches is one of the fastest-growing areas of the insurance industry.
Richard Breavington, RPC partner, said: ‘Data breaches are now regularly headline news stories and that means more whistle-blowers coming forward.
‘It is not just disgruntled employees who act as whistle-blowers, but genuinely concerned individuals. With that increased pressure, along with the new responsibilities from GDPR, businesses need to have the right security protections and procedures in place or face potentially significant consequences if there is a data breach.
‘Businesses need to ensure, for instance, that their cyber insurance policies have access to the experts needed to contain any data breach and limit its potential impact.’