According to new research carried out by DLA Piper regarding breaches reported to regulators across the EU, the UK was the third highest in terms of the number reported. In the eight months that have passed since May last year, more than 59,000 personal data breaches have been reported to regulators. Here in the UK, the ICO received 10,600 of those.
We know from a webinar run last year by the ICO that, since the GDPR came into force, reports of data breaches are up, but also that a large number of these were probably not reportable, with over-reporting being a problem. Under GDPR, data controllers get 72 hours from being alerted to a breach to determine whether it’s reportable; a breach is reportable if there is a risk to the data subjects from the breach of their data.
However, whether they should have been reported or not, that’s a large number of personal data breaches that have occurred across the UK since the GDPR came in. Is this an indication that UK businesses aren’t totally compliant, or an indication that lots of organisations just haven’t got the right security or processes in place to protect personal data?
Whatever these numbers mean, the ICO has its work cut out in terms of keeping on top of the workload!
If you think you’ve suffered a breach, remember it may not be reportable. Whilst the GDPR requires reporting to both the regulator (the ICO in the UK) and data subjects, this is only necessary in certain situations. The problem with breaches is having to consider them on a case-by-case basis. If you’re unsure whether your breach is reportable, or if you’re looking for guidance and interpretation of your breach case, a Hub subscription can help: our support services are there for you to use whenever you need guidance or perhaps a second opinion.