GDPR: One year on. Lenders account for 6% of UK data protection complaints

Maria Nikolova

From May 25, 2018 to May 1, 2019, the UK Information Commissioner’s Office received over 41,000 data protection concerns from the public.

Last May saw a serious shift in privacy and information rights with the implementation of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

The UK Information Commissioner’s Office (ICO) has published an update on the matter: “GDPR: One year on”. The purpose of this update is to reflect on the regulator’s experiences over the past year and share what it has learnt about the GDPR and its impact a year after its implementation.

The ICO received around 14,000 personal data breaches (PDB) reports from May 25, 2018 to May 1, 2019. For comparison, the regulator received around 3,300 PDB reports in the year from April 1, 2017.

The ICO closed over 12,000 of these cases during the year. Of these, only around 17.5% required action from the organisation and less than 0.5% led to either an improvement plan or civil monetary penalty. While this means that over 82% of cases required no action from the organisation, it demonstrates that businesses are taking the requirements of the GDPR seriously.

Greater awareness of individual rights has had a significant impact on the numbers of concerns raised with the regulator by the public. From May 25, 2018 to May 1, 2019, the ICO received over 41,000 data protection concerns from the public. The figure for 2017/18 was around 21,000.

Subject access requests remain the most frequent complaint category, representing around 38% of data protection complaints the ICO received. This is similar to the proportion before the GDPR (39%). In fact, the general trend is that all categories of complaint have risen in proportion with the overall increased number of complaints since the implementation of the GDPR.

The regulator notes that some sectors are responsible for higher numbers of breach reports and data protection concerns. The health sector, for example, accounts for over 16% of PDBs and 7% of data protection complaints. Local government accounted for 8% of PDBs and 9% of data protection complaints. Lenders accounted for 6% of data protection complaints.

EU Data Protection Board figures indicated that from May 25, 2018 to May 1, 2019, there were around 240,000 cases across the EU (data protection complaints, data breaches, proactive investigations or other similar issues). The ICO received over 55,000 of these (roughly 23%).

Where the data protection cases reported have cross-border implications throughout the EU, these are reported to a lead EU data protection authority. The UK is currently the lead supervisory authority on 93 of these cases.

In addition, the UK is working on behalf of UK citizens to uphold their information rights in 58 other cases where other EU data protection authorities are the lead supervisory authority, and the UK is a concerned supervisory authority.

Read this next

Retail FX

Fullerton Markets Caps Off Stellar Year with Dual Triumph at Gazet International Awards 2023

Fullerton Markets, one of the fastest-growing brokerages in the Asia Pacific, has today announced its remarkable success at the prestigious Gazet International Awards 2023, where it secured two coveted accolades, reinforcing its position as a global leader in multi-asset brokerage and marketing a triumphant end to the year.

Inside View

Are brokers really ready for EMIR Refit and ESMA changes in 2024?

The EMIR Refit and ESMA reporting requirements necessitate a strategic approach from brokers, involving major updates to reporting systems, data collection processes, and internal resources. We spoke with brokers and RegTech providers to learn more about the upcoming regulatory challenges.

Digital Assets

Binance to phase out BUSD support in two weeks

Binance has announced its plans to gradually phase out support for its native stablecoin, BUSD (Binance USD) by December 15, 2023. This move comes after Paxos, the issuer of BUSD, decided to stop minting new tokens.


Binance Labs invests $3.15M in Open Campus to advance Web3 education

Binance Labs, the venture capital arm of the cryptocurrency giant Binance, has invested $3.15 million in Web3 education platform Open Campus.

Institutional FX

Brighty App unveils EU B2B payment platform amidst exploding market

Brighty App is set to launch its European B2B platform, Brighty Business, this month. This platform is geared towards improving how businesses handle their financial operations, especially in the digital banking and cryptocurrency domains.

Digital Assets

Celsius’ withdrawal process slowed by overwhelming demand

Bankrupt crypto lender Celsius is taking steps to allow certain customers to withdraw their funds. However, some users have reported difficulties in logging in to process their withdrawals, as indicated by posts on various social media platforms.

Digital Assets

Cristiano Ronaldo hit with $1 billion lawsuit over Binance NFTs

Cristiano Ronaldo, the renowned footballer, is facing a class-action lawsuit in the United States over his promotion of Binance, the world’s largest cryptocurrency exchange.

Digital Assets

Zipmex creditors offered 3.35 cents on the dollar payout

Zipmex, a Thai crypto exchange grappling with financial difficulties, has proposed a restructuring plan to repay its creditors.

Digital Assets

FSB warns of risks posed by multifunction crypto-asset intermediaries

The report on Multifunction Crypto-Asset Intermediaries (MCIs) provides an in-depth analysis of these entities which combine various crypto-asset services and products, typically centering around a trading platform. These services can include proprietary trading, investment functions, issuance, promotion, and distribution of crypto-assets, including stablecoins.