Skip to main content

Only a tiny amount of data breaches are seeing GDPR fines

(Image credit: Image Credit: Visualsoft)

With all the talk about the draconic fines that businesses can expect if they breach GDPR, it’s quite surprising to see how many incidents actually result in a monetary penalty.

According to latest reports from – just 0.25 per cent. says that businesses reported a total of 11,468 data breaches to the Information Commissioner’s Office (ICO) after GDPR came into force, on May 25 2018.

Out of that number, the ICO issued a total of 29 penalties, which brings the rate to 0.25 per cent.

In other interesting takeaways from the report, consumers have raised 37,798 data protection concerns in the same time period.

According to Julian Ranger, founder of, there is a “clear problem with individuals and businesses over-reporting to the ICO”.

“This data demonstrates the extent to which the ICO is inundated by concerns from businesses and the public, the vast majority of which are not serious enough for any kind of penalty or even to warrant an investigation,” he says.

Businesses in the healthcare, education and finance industries are the quickest to report a breach, it was added.

“Businesses and individuals are clearly unsure what constitutes a serious breach of sensitive data,” he added.

“There is no public confidence that personal data is being handled responsibly – any organisation that collects personal data should put an informed consent process in place, which has the double benefit of putting individuals back in control of their personal data while also being fully compliant with regulation.”

GDPR, or General Data Protection Regulation, is a new EU-wide legislation that regulates how businesses gather, store, protect and share personal data they have on EU citizens. The fines for breaching GDPR can go up to €20 million.

Image Credit: Visualsoft

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.