Reportedly, the Information Commissioner’s Office (ICO) receives around 500 calls a week, yet three months into the GDPR era no fines have been issued.
These fines are no laughing matter: the GDPR allows penalties of up to €20 million (£17.7 million) or 4% of annual worldwide turnover, whichever is higher.
ICO official James Dipple-Johnstone does not view the agency as a revenue-generating organisation, which probably explains its relatively lenient stance when a GDPR violation is encountered. He believes a lack of understanding of the GDPR is the reason for the volume of calls: about a third of the cases reported do not meet the mandatory reporting threshold (under the GDPR a personal data breach must be reported within 72 hours only if it is likely to result in a risk to individuals’ rights and freedoms).
Breaking the statistics down further, he explained that:
– Around 20% of cases are cybersecurity-related, and half of those involve phishing
– Malware accounts for 10% of cases
– Misconfiguration accounts for 8% of cases
– Ransomware is involved in 6% of cases
He went on to say that companies have not studied the GDPR reporting process, leaving them unaware of and unprepared for what needs to be done when they discover a breach. Consequently, some breach reports contain too little information, while others go the opposite way, over-reporting incidents and including detail that is not actually required.
Allegedly, the number of data breach reports has quadrupled since GDPR came into effect.
The GDPR reporting guidelines are available on ICO’s official website.