Marriott, British Airways and Dixons Carphone are among the high-profile names that have revealed data breaches impacting hundreds of millions of people, although it’s not yet certain whether all of these will be considered under GDPR.
Before GDPR was implemented, there were only a small number of industry sectors, including banking and telecoms, that faced obligations to report a data breach. Under the new regulations, companies in every industry are required to notify customers and the Information Commissioner’s Office (ICO) of a data breach within 72 hours.
It’s therefore not surprising that a recent study indicates there has been a rise in reported data breaches since the implementation of GDPR, with law firm DLA Piper revealing that 59,000 data breaches have been reported across Europe since May 2018, 10,600 of which were in the UK.
This report highlights the scope and scale of today’s threat landscape. Nearly 60,000 data breaches in nine months may sound extremely high, but it’s not necessarily surprising. Intelligent, sophisticated and manipulative, today’s hackers are a force to be reckoned with. However, the regulations are not an opportunity for the government to catch out “bad” companies; they are intended to better protect customers and consumers.
The rise in reports also doesn’t mean that there has been an increase in cyber security incidents; instead, businesses are now obligated to report these incidents and are likely treading carefully. They can no longer sweep them under the carpet in the hope that no one will ever find out – the threat of a €20m fine or 4 per cent of their annual turnover was more than enough for businesses to sit up and take notice.

More: https://www.lawyer-monthly.com/2019/02/the-gdpr-jungle-how-are-we-coping-nine-months-on/