One year later, the GDPR has swept many industries. How? The Information Commissioner Office (ICO) reports on the changes seen in just one year. 

One in three (34 percent) people have high trust and confidence in companies and organisations storing and using their personal information – significantly up from the 21 percent stating this in 2017. In March, 64 percent Data Protection Officers (DPOs) stated that they either agreed or strongly agreed with the statement ‘I have seen an increase in customers and service users exercising their information rights since 25 May 2018’. 

Helplines, live chat and written advice services received over 470,000 contacts in 2018/19, a 66 percent increase from 2017/18. 

There were around 14,000 Personal Data Breach (PDB) reports from 25 May 2018 to 1 May 2019, compared to 3,300 PDB reports in the year from 1 April 2017.

From 25 May 2018 to 1 May 2019, there were more than 41,000 data protection concerns from the public. The figure for 2017/18 was around 21,000. Subject access requests remain the most frequent complaint category, representing around 38 percent of data protection complaints we received. This is similar to the proportion before the GDPR (39 percent). In fact, the general trend is that all categories of complaint have risen in proportion with the overall increased number of complaints since the implementation of the GDPR. 

The health sector, for example, accounts for over 16 percent of PDBs and 7 percent of data protection complaints. Local government accounted for 8 percent of PDBs and nine percent of data protection complaints. Lenders accounted for six percent of data protection complaints. This intelligence helps guide guidance, support and action in the areas where there is the greatest regulatory risk.