The number of data breaches reported to the UK's Information Commissioner's Office (ICO) has more than quadrupled since the General Data Protection Regulation (GDPR) came into force.
A report released by the ICO last week says that in the months before GDPR took effect, the ICO received roughly 400 breach reports a month; that figure climbed to over 1,750 in June 2018, the first full month that GDPR was in place.
One of the many requirements organizations must meet under GDPR is "reporting certain types of breaches to authorities within 72 hours of becoming aware of the breach, where feasible," so it should come as no surprise that the number of breaches filed with the ICO by organizations around the world has skyrocketed.
GDPR applies to any organization that stores or processes the personal data of people in the EU, regardless of where that organization is based, so an organization that exposes personal data belonging to UK residents is expected to report the incident to the ICO, the UK's supervisory authority.
GDPR sets two tiers of administrative fines, in each case the higher of a fixed amount or a percentage of annual global turnover. Infringements of the core data-protection principles, of data subjects' rights, or of the rules on international transfers can draw fines of up to €20 million ($23 million) or 4 percent of annual global turnover. Failing to meet the breach-notification requirements, including the 72-hour deadline, falls in the lower tier, with fines of up to €10 million ($12 million) or 2 percent of annual global turnover.
Many of GDPR's requirements centre on the processes and procedures for collecting, using and handling personal data in a way that is 'lawful and fair', but the cybersecurity element is essential too: an organization must be able to demonstrate that it has ensured 'appropriate security and confidentiality of the personal data', which in practice means having appropriate technical and organizational measures in place and being able to show evidence of them.
NNT delivers Continuous Compliance against all compliance standards and policies at once. By combining NNT's intelligent Change Control with Continuous System Integrity Monitoring, maintaining compliance for your systems, networks and applications becomes a straightforward, closed-loop process.