News

SUBSCRIBE to our weekly e-mail (with live links) for just €5 per month
+++++++++++++++

ELEC Paper: Why EU Capital Markets Union has become a “must have” and how to get there -Feb 2024

My collected papers - 1989/1993: Market Discipline in EMU

Public Information

Expand

Graham Bishop Consultancy

Friends of GrahamBishop.com

Brussels 4 Breakfast

CPD / Education and Learning

Graham Bishop - Biography

Graham's Blogs

Graham's Media Activities

Graham's Speeches

Graham's Writing

Press Resources

My `pro bono' work

Technical Difficulties

Privacy Policy

Terms and Conditions

Tweets by @GrahamBishopcom

Follow @GrahamBishopcom

Article List:

Commercial Risk Euro...
European Commission ...
Commercial Risk Euro...
Preventing misuse of...
Insurance Europe: La...
Free flow of data: E...
EU to strengthen sha...
>>Commercial Risk Euro...
Commercial Risk Euro...
Insurance Europe: Ov...
EU to ban data local...
Digital Single Marke...
Commercial Risk Euro...
No barriers to free ...
General Data Protect...

Home>Protecting Customers>General Data Protection

Print Page Save to My Library <Next Article Previous Article>

24 October 2018

Commercial Risk Europe: Firms struggling under GDPR as breach notifications rise

The first few months of the EU’s General Data Protection Regulation (GDPR) have seen a marked increase in breach notifications, as some organisations struggle under the new regime.

Regulators and insurers have seen a significant uptick in data breach notifications since the regulation was implemented in May. These breaches are providing some useful insights, as regulators, corporates and cyber insurers feel their way through the new regime’s many requirements.

Notifications to the UK data protection regulator quadrupled in the first few months of the GDPR, with large increases also reported in France and Belgium. The UK’s Information Commissioners’ Officer (ICO) recently revealed that it is dealing with more than 500 calls to its data breach notification hotline each week.

It is not only the number of data breaches that is causing concern. Companies that suffer a breach will need to navigate new rules and requirements, many of which are open to interpretation. The introduction of the GDPR has certainly been a steep learning curve for many of AIG’s clients, according to Mark Camillo, head of cyber for EMEA at the insurer.

Speaking at a confederation of british industry cybersecurity event, ICO deputy commissioner James Dipple-Johnstone revealed that some companies are “over-reporting” data breaches. About a third of the calls to the ICO hotline are for breaches that do not meet the GDPR reporting threshold. The ICO has said it will try and discourage this practice in future.

The ICO also said that some companies are struggling with some of the basic concepts of the GDPR, such as the requirement to report a data breach to the regulator within 72 hours. It also highlighted the problem of incomplete data breach reporting, noting that it expects organisations to plan ahead and have people with suitable seniority ready to provide as much detail as possible.

The next year or so will be a test for the GDPR as regulators and companies interpret the notification requirements and experience data breaches, according to Nigel Pearson, group cyber director at RSA. “The next six to 12 months will be a shakedown for the GDPR,” he said.

Full article on Commercial Risk (subscription required)

© Commercial Risk Europe

< Next Previous >

Key
Hover over the blue highlighted text to view the acronym meaning
Hover over these icons for more information

Comments:

No Comments for this Article

Add new comment

Show name and company details

Follow Us

News

Public Information

Article List:

24 October 2018

Commercial Risk Europe: Firms struggling under GDPR as breach notifications rise

© Commercial Risk Europe

Key

Comments: