The number of self-reported data breaches has increased by 29% from 2,447 last year to 3,156 this year. Under the GDPR, organisations are obliged to report serious data breaches to the Information Commissioner’s Office (ICO). In June, after the GDPR had entered into force, the ICO received 1,700 notifications, which is a sharp increase compared with previous levels (around 360-390 breach notifications per month).
The sector that reported the largest number of breaches was health, making up 37% of all cases, according to the ICO’s annual report, published today.
The ICO operates a telephone line for reporting data breach incidents, open Monday to Friday, 9am-5pm. Alternatively, organisations can use an online form available on the ICO website. They can also use their own forms, but the ICO encourages using the ICO form to ensure that all the necessary information is sent in.
The ICO says that it does not want organisations to report minor incidents. It aims to start dealing with each report on the day it is received, or very soon after. Cyber incidents also make up part of the increase in reporting, with 361 such cases reported this year.