Under GDPR, Data Breach Reports in UK Have Quadrupled

The scale of data breaches in Europe is rapidly evolving past the “problem unknown” stage, thanks to the EU’s General Data Protection Regulation, for which enforcement began on May 25 (see GDPR Enforcement Deadline: If You Blew It, What’s Next?).

GDPR imposes a number of new requirements on organizations that handle personal information. But one of the biggest changes is that organizations must track all breaches, as well as report certain types of breaches to authorities “within 72 hours of becoming aware of the breach, where feasible,” according to the Information Commissioner’s Office, which is the U.K.’s data privacy watchdog and GDPR enforcer (see GDPR and the Next Generation of Privacy Legislation).

So it should be no surprise that the number of breach reports being filed to the ICO by organizations – based inside the U.K. and out – has already increased dramatically.

In both March and April, the total number of breaches reported to the ICO was about 400, according to data released by the ICO last week. But the number of breach reports climbed to about 700 in May and hit about 1,750 in June, the ICO says.