Information Commisioner's Office (ICO) Deputy Commissioner, James Dipple-Johnstone, has made a speech to the CBI Cyber Security: Business Insight Conference on the impact of the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA).
In his speech, the Deputy Commissioner outlined key data breach reporting trends under the GDPR, which included:
- Organisations struggling with the concept of 72 hours from the moment of awareness of the breach;
- Reports are incomplete with a lack of people with suitable seniority and clearance to talk to the ICO; and
- Over reporting by some controllers.
The Deputy Commissioner advised that businesses should read the ICO's reported guidance, take time to gather information by deciding whether reporting is required, report by phone, take extra steps to prevent cyber-attacks and look at the NCSC / ICO security outcomes.