Complaints from the public have also doubled, from around 21,000 to 41,000 according to a BBC report.
It suggests that the General Data Protection Regulation (GDPR) has increased awareness about the importance of personal information.
But no fine has yet been issued under GDPR rules in the UK.
The legislation was designed to give people more control over the data being collected on them.
If companies lose data or share it without permission, they have to inform the regulator - the ICO in the UK - within 72 hours.
Where companies have broken the law, they can be fined 20 million euros (£17.6m) or 4% of their annual global turnover - whichever is larger.
The ICO said fines were "coming soon" but added that it wanted organisations "to focus on how data protection law can help firms to get it right... rather than how they might be punished if they get it wrong".
In January, Google was fined £44m in France for GDPR breaches.