While some debate whether or not the GDPR is a net positive development in Europe, one good sign is that breach whistle-blowing is on the rise.
Back in June, Europe passed the General Data Protection Regulation (GDPR). When it was first passed, reaction was divided. American based site TechDirt blasted the law as cumbersome and hijacks business resources. Meanwhile, European based digital rights group, the EDRI, hailed the laws as a new era of respect for user privacy.
The laws themselves greatly increase the penalties (to the tune of a percentage of global income) for data breaches against companies who simply fail to protect users private information. Companies themselves who operate in Europe are obligated to quickly report leaks and breaches to authorities. They also need to take steps to protect the data as well.
While some still debate the merits of the law, there is one positive sign coming out of this law: the number of people blowing the whistle on companies who fail to report or secure people’s personal information. According to one report, the number of whistle-blower reports have skyrocketed up by 165%. From ITProPortal:
General Data Protection Regulation has given people the courage to notify the authorities on any data breaches that otherwise may have gone under their radar.
According to law firm RPC, there has been a 165 per cent increase in the number of whistle-blower reports since GDPR came into force last May. Looking at raw figures, a total of 82 reports have been made to the ICO, compared to 31 before GDPR.
The report also states that ICO is ‘actively soliciting whistle-blowers’ to come forward with any information.
Richard Breavington, Partner at RPC, comments: “Data breaches are now regularly headline news stories and that means more whistle-blowers coming forward. In recent years, data protection has become a major concern not just of Government and regulators, but also the general public. It is not just disgruntled employees who act as whistle-blowers, but genuinely concerned individuals. With that increased pressure, along with the new responsibilities from GDPR, businesses need to have the right security protections and procedures in place or face potentially significant consequences if there is a data breach.”
This, of course, is not to say that this statistic alone justifies GDPR. In face, some people might argue that while this is a positive sign, it doesn’t necessarily mean businesses are respecting users personal information. In fact, some might still be going on with business as usual with flawed security policies in place. Still, the fact that whistle-blowing is on the rise since GDPR came into force is at least one positive sign that this law is giving the public reason to support the law.
One angle of looking at this is that if more whistle-blowing is happening, then that would theoretically motivate some companies who don’t take adequate steps to protect user information to take a second look at their data protection policies. After all, do business owners really want their company to be yet another data leak or breach headline? Not likely.
The merits of the law will no doubt be debated for years to come, but it’s a hard sell at this point that nothing good has come from the laws in the first place.