Bridewell’s analysis of Information Commissioner’s Office complaint data shows data privacy concerns continuing to rise across major UK sectors, with finance, health, and online technology and telecoms again attracting the highest levels of scrutiny.
The research compared complaints made between October 2023 and September 2024 with those submitted between October 2024 and September 2025. Finance, insurance, and credit remained the most complained-about category in both reporting years.
Complaints in that sector rose from 4,422 to 4,630 year-on-year, an increase of 5%. Health ranked second, with complaint volumes rising from 3,903 to 4,082. Bridewell said the figures reflect the pressure facing organisations that handle large volumes of financial and medical information.
Online technology and telecoms also remained among the highest-volume complaint categories across the two years reviewed, extending the concentration of complaints across sectors that manage significant amounts of personal data through digital services and regulated processes.
Retail and manufacturing recorded fewer complaints overall, but saw the sharpest annual rise. Complaints in that combined category climbed 12%, from 2,421 between October 2023 and September 2024 to 2,714 between October 2024 and September 2025.
The analysis also found a 22% fall in cases that resulted in informal action responses, alongside a 14% increase in cases where investigations concluded with “No Further Action”. Bridewell said the pattern may indicate a higher enforcement threshold, with regulators prioritising complaints that show clearer evidence of risk, harm, or repeated non-compliance.
Where no further action is taken, the stated reason is often that insufficient information was provided. Bridewell said that underlines the importance of documenting harm and keeping clear records of how personal information was handled when concerns are raised.
Chris Linnell, Associate Director of Data Privacy at Bridewell, said, “Rising complaint volumes in sectors like financial services and healthcare show that public expectations around data protection continue to grow. Organisations can’t treat privacy as a compliance box-ticking exercise; it must be central to business operations.”
The figures sit alongside wider governance and cyber security pressures. Bridewell’s Cyber Security in Financial Services report found that 39% of organisations consider data privacy and protection one of their biggest cyber security challenges.
Regulatory enforcement has also remained active. In February 2026, the ICO fined Reddit £14.47m after finding the platform had failed to carry out a data protection impact assessment before January 2025 and had not applied robust age assurance measures for children using its service.
Linnell added, “Cases like this highlight the escalating reputational, financial, and operational costs of inadequate privacy controls.”
Bridewell has published the full dataset here.
You must be logged in to post a comment.