GDPR Breach Crisis: Are You Prepared?
The GDPR compliance deadline might have passed, but over two-thirds of UK firms acknowledge they are at risk of a GDPR breach crisis. While data mapping and updating privacy policies are important aspects of GDPR preparedness, many companies will struggle to respond to GDPR breaches and incidents.
The deadline for compliance with the new General Data Protection Regulation (GDPR) passed on 25th May 2018, yet many firms are not yet fully compliant and are adopting a wait-and-see approach to the enforcement of the new regulation. Some have taken more drastic measures and suspended operations in the EU. According to a recent Financial Times report, many companies were unprepared for the surge in requests regarding usage of personal data. This is often due to poor information governance and over-retention of personal data, a problem that compounds and becomes increasingly difficult and expensive as the volume and complexity of data grow exponentially.
One of the critical risks around over-retention of personal data is a data breach. There has been a rapid increase in data theft incidents with an average of 122 data records currently being compromised per second. Within two weeks of the GDPR implementation deadline, more than 1,300 “concerns or complaints” and 60 breaches of personal data were lodged with the regulator in Ireland, the Data Protection Commission. According to the Financial Times¹, the UK Information Commissioner’s as a regulatory inquiry or a data subject request can quickly become public knowledge. With the advent of social media and increased global awareness around privacy, any of these events can quickly spiral out of control. This is especially important given the increased burden that GDPR places on organisations as they manage data.