Skip to main content

Only a tiny amount of data breaches are seeing GDPR fines

(Image credit: Image Credit: Visualsoft)

With all the talk about the draconic fines that businesses can expect if they breach GDPR, it’s quite surprising to see how many incidents actually result in a monetary penalty.

According to latest reports from – just 0.25 per cent. says that businesses reported a total of 11,468 data breaches to the Information Commissioner’s Office (ICO) after GDPR came into force, on May 25 2018.

Out of that number, the ICO issued a total of 29 penalties, which brings the rate to 0.25 per cent.

In other interesting takeaways from the report, consumers have raised 37,798 data protection concerns in the same time period.

According to Julian Ranger, founder of, there is a “clear problem with individuals and businesses over-reporting to the ICO”.

“This data demonstrates the extent to which the ICO is inundated by concerns from businesses and the public, the vast majority of which are not serious enough for any kind of penalty or even to warrant an investigation,” he says.

Businesses in the healthcare, education and finance industries are the quickest to report a breach, it was added.

“Businesses and individuals are clearly unsure what constitutes a serious breach of sensitive data,” he added.

“There is no public confidence that personal data is being handled responsibly – any organisation that collects personal data should put an informed consent process in place, which has the double benefit of putting individuals back in control of their personal data while also being fully compliant with regulation.”

GDPR, or General Data Protection Regulation, is a new EU-wide legislation that regulates how businesses gather, store, protect and share personal data they have on EU citizens. The fines for breaching GDPR can go up to €20 million.

Image Credit: Visualsoft