It’s been 3 months since the GDPR and Data Protection Act 2018 came into force. You may be wondering what has happened since then.
In a recent speech, the Information Commissioner’s Office (ICO) Deputy Commissioner (Operations), James Dipple-Johnstone, provided an update on activities since 25 May 2018.
He made the following statements that are of interest:
- The ICO has been receiving around 500 calls a week to its breach reporting line since 25 May;
- About a third of the callers discussed their circumstances with the ICO officers and decided that their breach did not meet the reporting threshold;
- Approximately a fifth of reported breaches involved cyber incidents, almost half of which were the result of phishing.
Other key trends include:
- Organisations are struggling with the concept of 72 hours as defined by the GDPR (it’s not 72 working hours);
- Reports filed do not contain complete information;
- Some data controllers are “over-reporting” as a risk management tool or because they are under the mistaken belief that everything must be reported.
The practical advice from the ICO includes the following:
- Report breaches by phone, particularly if you need advice about how to manage a breach or whether or not to tell your customers;
- Take extra steps to prevent cyber-attacks;
- Read the ICO reporting guidance on their website.
You’ll find a summary of his speech here.
FSB members should keep in mind that their membership gives them access to the Cyber Advice Line. If you have questions about cyber security, give them a call. They are also currently offering a free Cyber Health Check to all FSB members. The number to call them on is 0345 0727 727.