More than 14,000 data breaches have been logged since the introduction of tough new data laws last May, the UK’s information commissioner’s office has said.
Complaints from the public have also doubled, from around 21,000 to 41,000.
It suggests that the General Data Protection Regulation (GDPR) has increased awareness about the importance of personal information.
But no fine has yet been issued under GDPR rules in the UK.
The legislation was designed to give people more control over the data being collected on them.
If companies lose data or share it without permission, they have to inform the regulator – the ICO in the UK – within 72 hours.
Where companies have broken the law, they can be fined 20 million euros (£17.6m) or 4% of their annual global turnover – whichever is larger.
The ICO said fines were “coming soon” but added that it wanted organisations “to focus on how data protection law can help firms to get it right… rather than how they might be punished if they get it wrong”.
In January, Google was fined £44m in France for GDPR breaches.
Across all the EU countries which have implemented GDPR, there has been a total of 89,271 notifications of data breaches, and 144,376 complaints from the public.
Richard Breavington, partner at law firm RPC, said: “The ICO has already begun to ratchet up the value of fines, and it has barely scratched the surface of its powers.
“The first large-scale loss or misuse of individuals’ data under GDPR will be an important ‘test case’ for the ICO, which will show us how far the regulator is prepared to go in using its new powers – this is a key area to watch. However, we don’t expect to see blockbuster fines being levied in the near future.”