
The number of reported whistleblower complaints about potential data breaches at businesses has increased 165 percent since the General Data Protection Regulation went into effect in May 2018, according to data from the United Kingdom's Information Commissioner's Office (ICO).

U.K.-based law firm Reynolds Porter Chamberlain reported in a blog post that there were 82 whistleblower complaints filed in the three-month period of June to August 2018, up from the 31 reported during a previous three-month period—February to April 2018.

A law firm spokesperson confirmed in an email to Corporate Counsel that the figures, which he said are not generally available, came directly from the ICO in the United Kingdom, which did not provide additional information about the nature of the whistleblowers.

The ICO is the independent regulatory office charged with enforcing data privacy rights, including those protected under the GDPR. The European Union's expansive regulation imposes new rules on any entity that offers goods and services to people in the European Union or that collects, processes or stores data tied to EU citizens.

According to Reynolds Porter Chamberlain, the ICO is actively soliciting whistleblowers to come forward with any information, increasing the risk that noncompliant activity at businesses will be investigated and potentially fined. In addition, the blog post said that because of the media exposure surrounding the GDPR, employees are now more aware of their responsibilities and willing to come forward with data protection concerns.

“Data breaches are now regularly headline news stories and that means more whistleblowers coming forward,” partner Richard Breavington said in the post. “In recent years, data protection has become a major concern not just of government and regulators, but also the general public. It is not just disgruntled employees who act as whistleblowers, but genuinely concerned individuals.”

Last month, it was revealed that a Portuguese hospital was seemingly the first business to be hit with a monetary penalty under the GDPR, after it was fined 400,000 euros (about $453,000) by the country's data protection supervisory authority for allowing too many users to have access to patient data in the hospital's patient management system.

The hospital, Central Hospital of Barreiro Montijo, is appealing the decision, and may initiate legal proceedings, it said at the time.