It seems like every other day we hear of another data breach, with household names including Adidas, Ticketmaster and Dixons Carphone – to name just a few – suffering at the hands of criminal hackers.
In 2017, 826 million data records were reported lost or stolen, with security breaches accounting for 58 million of these cases.
If you think it only happens to large organisations, think again.
Since the GDPR (General Data Protection Regulation) came into effect this May, the ICO (Information Commissioner’s Office) has reported a rise in breach notifications from organisations, as well as more data protection complaints following the activation of the law. There were 1,792 self-reported incidents in June – the first full month after the law came into effect – compared with 398 in March, 367 in April and 657 in May.
Data controllers are now required to notify the supervisory authority (the ICO in the UK) if a ‘personal data breach’ occurs, and they must do so within 72 hours of discovering the breach if there is a risk to data subjects’ rights and freedoms. They must also notify the data subjects themselves without undue delay if there is a high risk to their rights and freedoms. As the general public is becoming increasingly aware of its individual rights, this could account for the rise in complaints.
Adding to the pressure is the financial hit of a data breach, with the average incident costing UK businesses a staggering £2.48 million. Having a data breach contingency plan is no longer an optional, fleeting thought but is quickly becoming a requirement.
The GDPR’s mandatory notification requirements are likely to pose very significant challenges to many companies and require careful planning to give the best possible chance of compliance.
IT Governance has a range of tools and services available, from helping to prevent a breach, to training staff and preparing your organisation should a breach occur.
To help your organisation get #BreachReady this summer, we are offering up to 20% off selected data protection and incident response solutions.