GDPR three months in


The Information Commissioner’s Office (ICO) recently provided the first update on the impact of the General Data Protection Regulation (GDPR) since it went live three months ago.

Over this period, the ICO, who are the regulator under GDPR, received an average of 500 calls a week to their breach reporting line. Collected data has identified some important trends concerning the reporting of relevant incidents. The key lesson is that organisations need to get their incident reporting plans in place and to ensure that:

Breaches are reported within the appropriate time period. Breaches are to be reported within 72 working hours of the organisation becoming aware of the incident.

Breach reports are as complete as possible before reporting; where details are missing, a rough timeline of when the ICO can expect further information should be provided.

The person reporting the breach is authorised to discuss the problem in the required detail.

Of the cyber incidents that were reported, nearly half were the result of phishing. Malware (10%) and ransomware (6%) were other notable causes of the breaches reported.

The NCSC, in collaboration with the ICO, has published guidance on GDPR Security Outcomes.


National Cyber Security Centre Article – 21st September 2018

