Government Cite GDPR As Reason For Increased Reporting

Since the introduction of the General Data Protection Regulation (GDPR) on 25th May 2018, more data breaches have been reported and recorded by Government departments and organisations than ever before. 

The stricter reporting rules defined in GDPR legislation are said to be behind the increase in reporting as opposed to more data breaches occurring. Nine Government departments and organisations reported 7,409 data breaches in the 2018/19 financial year, compared to 3,522 in 2017/18.

The Ministry of Justice (MoJ) are responsible for the largest number of Whitehall data breaches. The Ministry runs local delivery services through HM Courts and Tribunals which handles 4.4million cases.

An MoJ spokesperson said:

“While we work to reduce the number of breaches, the vast majority which do occur are low impact, and represent a tiny fraction of the millions of court cases, legal aid applications, and personal data of those in prisons or on probation we deal with each year.

“We take the security of data very seriously, training our staff to handle sensitive information and investigating each and every incident to prevent any repeat.”

The Information Commissioner’s Office (ICO) must be notified about serious breaches. However, the MoJ has reported eight significant incidents, two fewer than the year before.

The Home Office recorded 1,930 incidents, 29 times as many in 2018-19 as in the previous year, citing GDPR as the reason. Reporting 35 breaches to the ICO, compared with two the previous year.

In its annual report, the Home Office stated:

“Post-GDPR publication of additional information and guidance around personal data and management of breaches, plus a revised reporting process, has raised awareness across the Home Office regarding the need to escalate such incidents.

The Ministry of Defence (MoD) quadrupled the number of incidents it recorded to 470. It too blamed GDPR, saying this had widened the scope of personal data and led to communication and training on the need to report data breaches.

Publishing their annual report in September, the MoD stated: 

“Along with the extension to the scope of GDPR this has led to an increase in the number of reported incidents when compared to the previous year.”

The MoD reported seven incidents to the ICO, having not reported any in 2017-18.

The Department for Environment, Food and Rural Affairs (DEFRA) recorded 148 incidents in its annual report, a huge increase on the 62 incidents that were recorded in 2017/18.

HM Revenue and Customs recorded just 22 incidents in 2018/19 and bucked the trend, recording 10 fewer incidents than the year before. However, HM Revenue and Customs did record an increase in the number of breaches reported to the ICO – which rose from two to 12.

Other 2018-19 annual reports revealed that NHS England and its commissioning support units recorded 13 data breaches in 2018-19, down from 37 the previous year, with new scoring criteria causing the reduction; the Foreign and Commonwealth Office recorded 35 up from 14 the year before; the Disclosure and Barring Service recorded 13 compared with 10 in 2017-18; and the Department for Work and Pensions recorded one incident, having not recorded any for the two previous years.

Have you seen an increase in the number of data breaches reported to you as a result of the GDPR legislation?