GDPR’s stricter reporting rules prompt spike in data breach reports
There have been more than 1,100 reports of data breaches involving personal information made to the Data Protection Commission since GDPR came into effect, The Irish Times reports.
The 1,184 reports, which compare to an average of 230 per month in 2017, would appear to reflect stricter reporting rules which came in under GDPR.
GDPR stipulates mandatory reporting of data breaches unless the breach is unlikely to result in a risk to individuals’ or data subjects’ rights and freedoms.
Breaches require to be reported “without undue delay” and, where possible, no later than 72 hours after the data controller is made aware of them.
The Commission has also recorded 743 complaints, with the regulation applying in 267 cases. In total, the office received 2,642, complaints last year, an increase of 79 per cent on 2016.
The most frequently complained about issues relate to processing that involves disclosure of personal data without a legal basis, unfair processing and access requests.