An upsurge in incidents or cybersecurity crackdown?
Data breach victims and negligent companies aside, how have everyday companies fared with the new GDPR regulations? The most comprehensive review on the impact of the May 2018 change is the ICO’s annual report. The report has revealed a 29% increase in reported security incidents and data breaches. With the requirement for companies to report significant incidents, within 72 hours of being made aware that there has been a data breach, has greatly increased the number of breach reports. Although on the surface it may look as though incidents have increased exponentially in the last 2 years, the new GDPR rules have actually resulted in a cybersecurity crackdown instead.
Great news for compliant companies
The ICO’s conducted analysis shows that there is further good news for companies who are happy to comply with the new regulations. Despite £875,000 of fines being issued between July and September 2018, a closer look at the statistics shows that the data breaches here were mostly caused by individuals or companies with inadequate policies, with fewer successful cyberattacks overall. The NCSC has played a pivotal part in raising the awareness of GDPR compliance, and this has resulted in many businesses finding it easier to follow the regulations laid out in the new laws. This has meant that more companies are GDPR compliant, as a result, are less likely to be involved in a situation where fines might be issued.
Because the GDPR regulations have caused companies to put more effort into data collection as well as data protection, there is far more data available. With improved security comes a more knowledgeable taskforce, with companies beginning to rely on the increased data-opportunities for future planning. This is an incredible boom for companies who are ready to use the new data. It can improve long and short term planning, as well as the analysis of previous years.
Best of all, companies are starting to report the positive impact that improved security has had on their bottom lines. Fewer data-breaches means fewer fines, fewer compensation claims, less costly mop-up operations and more trust from their customers.