es
en
Read in PDF
v 0
09 July 2020
Article
Premium
Sabba Mirza Senior Associate, Privacy, Security and Information at FieldFisher
Lessons from post GDPR data breaches and ICO enforcement actions
Data Breach
Data Protection
Abstract

The GDPR has been a game changer for data breach notification. Data breach notification is mandatory for all businesses, depending on whether they act as a controller or processor and on the likely impact of the data breach on individuals. Further, a rather onerous deadline for notification applies to controllers: specifically, Article 33 of the GDPR requires that a data breach is notified to the regulator without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless it is unlikely to result in a risk to individuals. The GDPR raised the maximum penalty for contraventions to 4% of global turnover or up to €20m, whichever is the greater. This has forced organisation to think about their approach to incident prevention, incident response and breach notification.

This article provides an analysis of the most high profile data breaches and ICO enforcement actions in the two years post GDPR. Based on the enforcement action taken by the ICO, this article seeks to highlight key issues what businesses should be aware of when considering their incident response policies and procedures, the do's and don'ts of incident response and, more importantly, the pitfalls that put organisations at a risk of falling victim to a breach.

3

Subscribe to read the full article

Check out our yearly subscription and practical guide subscription options.

Enjoy 1 year access for 270.00$

Get full access to The Impact Lawyers for 1 year, viewing all articles and downloads available on our website

Subscription
Already a subscriber?
Newsletter

Take home

The GDPR sets out what is expected from an organisation in terms of the measures that should be put in place to secure personal data and what an organisation must do after a breach has occurred. The ICO has set out clearly what the ICO saw as failings when issuing intent to fine and monetary penalty notices. This serves as guidance for organisations when dealing with their breach preparedness and response procedures.

Copyright © The Impact Lawyers. All rights reserved. This information or any part of it may not be copied or disseminated in any way or by any means or downloaded or stored in an electronic database or retrieval system without the express written consent of The Impact Lawyers. The opinions expressed in this article are those of the authors and do not necessarily reflect the positions or policies of The Impact Lawyers.
#
(P)
Previous
(N)
Next
$

Related videos

Related podcasts

Related articles

icon

Comments

Post:
Rules for participation
Newsletter

Would you like to read more?

The Impact Lawyers offers a FREE newsletter that keeps you up to date on news and analysis about the international latest legal news.
Please complete the form below and click on subscribe to receive The Impact Lawyers Newsletter subscription

Related links

Main menu

Contact us

x
2
x
Subscribe for free

The Impact Lawyers Newsletter

  • Practical templates and guides for lawyers and law firms
  • Podcasts, videos and webinars explaining how to be sucessful
  • Tips made by lawyers and other practitioners
Your experience on this site will be improved by allowing cookies.