Skip to main content

Almost half of businesses reported to ICO since GDPR came into effect

data protection
(Image credit: Image source: Shutterstock/Wright Studio)

Since GDPR came into effect in May 2018, almost half of UK businesses (43 percent) have been reported to the Information Commissioner’s Office over a breach, either actual or potential.

This is according to a new report from encrypted storage company, Apricorn, which polled 100 UK IT decision-makers from large enterprises. The company found that a third of the companies notified the ICO themselves, while a tenth were reported by somebody else. A further 9 percent of the respondents said they didn’t know if the breach had been reported or not.

Many organizations were said to be lacking proper cyber-resilience, the report further stated, hinting that this might be the key reason businesses fail to manage risk and recover from data breaches. Respondents said they struggle to identify and locate data (33 percent), understand data obligations (31 percent) and adequately secure data (25 percent).

Adding mobile and remote working into their cybersecurity plan was the number one challenge for the majority of respondents (39 percent), with others struggling to understand which data needs to be encrypted and how to control data storage. 

“Prioritising the building of cyber-resilience will strengthen an organization’s ability to prepare for, react to and recover from a cyber-attack,” said Jon Fielding, Managing Director EMEA at Apricorn. 

“Understanding precisely what data they collect, process and store, where it is located and who has access, all in line with data protection regulations, are vital components in this. A cyber-resilient organization can quickly retrieve and restore data after an incident, establish and remediate the cause whilst demonstrating transparency and due diligence to regulators.”