GDPR - ICO gets 500 breach reports a week !
The transcript of the ICO Deputy Commissioner (Operations) James Dipple-Johnstone speech to the "CBI Cyber Security: Business Insight Conference" makes for interesting reading. A short extract is below: " Busting myths Organisations are struggling with the concept of 72 hours as defined by the GDPR. Remember: it’s not 72 working hours, the clock starts ticking from the moment you become aware of the breach. Some reports are incomplete. Our guidance sets out very clearly what you should include when you report a breach. You might not have all that information to hand in the first 72 hours, we get that, but please plan ahead; have people with suitable seniority and clearance to talk to us and be ready to provide as much detail as you can and be able to tell us when we can expect the rest. It is not very helpful to be told there is a breach affecting lots of customers but the reporter isn’t authorised by the general counsel to tell us more than that! If you don’t