GDPR Three Months In

The Information Commissioner’s Office (ICO) recently provided the first update on the impact of the General Data Protection Regulation (GDPR) since it went live three months ago.

Over this period, the ICO, who are the regulator under GDPR, received an average of 500 calls a week to their breach reporting line. Collected data has identified some important trends concerning the reporting of relevant incidents. The key lesson is that organisations need to get their incident reporting plans in place and to ensure that:

  • Breaches are reported within the appropriate time period. Breaches are to be reported within 72 working hours of the organisation becoming aware of the incident.
  • Breach reports are as complete as possible before reporting, where details are missing a rough timeline of when the ICO can expect further information should be provided.
  • The person reporting the breach is authorised to discuss the problem in the required detail.

Of the cyber incidents that were reported, nearly half were the result of phishing. Malware (10%) and ransomware (6%) were also other notable causes of breaches reported.

The NCSC, in collaboration with the ICO, has published guidance on GDPR Security Outcomes.

Want to know more about GDPR – read our article here



Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: