Only 0.25% of data breaches probed by the UK’s Information Commissioner’s Office have resulted in financial penalties, according to a study by Digi.me, as reported by InfoSecurity.
GDPR took effect last May 25, and from then until the end of March this year, only 29 fines were meted out from a total of 11,468 cases, the report states.
But consumers may be too quick to complain — overall, they raised 37,798 data protection issues.
“There is a clear problem with individuals and businesses over-reporting to the ICO,” says Julian Ranger, founder of digi.me, according to InfoSecurity.
Ranger adds: “This data demonstrates the extent to which the ICO is inundated by concerns from businesses and the public, the vast majority of which are not serious enough for any kind of penalty or even to warrant an investigation.”
DigiMe obtained the data under the Freedom of Information Act.