When the General Data Protection Regulation comes into force in 2018, it will bring a duty on companies to report data breaches, with widespread implications.
- The General Data Protection Regulation (GDPR) comes into force on 25 May 2018, introducing a duty to notify the Information Commissioner’s Office (ICO) of data breaches.
- Fines of a much greater magnitude can be levied by the ICO on companies failing to comply with this duty and, where personal data has been leaked, follow-on claims can be expected.
- Reporting companies can expect to be asked to conduct investigations into cyber security breaches and report to the ICO.
Mandatory notifications of data breaches
2018 will see the implementation of the GDPR and its mandatory duty on data controllers in the UK to notify the ICO of a data breach involving personal data. We expect mandatory reporting to increase the risk of enforcement and civil litigation for corporations following cyber