Companies “over-reporting” data breaches as ICO takes 500 calls per week

Regulator reveals myths around GDPR fines and data breach reporting are still widespread three months in

The Information Commissioner’s Office (ICO) revealed it has been receiving 500 reports by telephone per week since GDPR came into force, a third of which are considered to be unnecessary or fail to meet the threshold for a data incident.



ICO deputy commissioner James Dipple-Johnstone revealed that misconceptions are still commonplace among organisations more than three months after GDPR came into force, leading to a large number of needless calls to the regulator.

Speaking at the Confederation of British Industry’s (CBI’s) fourth annual Cyber Security Conference, he added that one mistake many businesses make is to believe that the mandatory reporting period is 72 'working' hours, whereas, in reality, this is 72 hours from the point of discovery.

Many reports the ICO receive are also incomplete, and many tend to “over-report” due to an inflated desire to be transparent, because organisations want to manage their perceived risk, or just think they need to report everything.

The update comes a fortnight after the law firm EMW obtained figures via a Freedom of Information (FOI) request that showed the number of the complaints between 25 May and 3 July this year climbed to 6,281 versus just 2,417 during the same period last year.

“We understand this will be an issue in the early months of a new system,” Dipple-Johnstone continued, “but we will be working with organisations to try and discourage this in future once we are all more familiar with the new threshold.”
In addition to the update, the ICO was...

Read The Full Article
 

0 Comments Write your comment

    1. Loading...