A new Freedom of Information (FOI) request by Redscan for data from the UK Information Commissioner’s Office (ICO) reveals that UK businesses were seriously falling short on data breach disclosure in the year before the EU’s General Data Protection Regulation (GDPR) went into effect in May 2018.
The figures show that it took organizations an average of 2 months (60 days) to discover that they had suffered a security breach, and that it then took firms another 21 days to report the breach to the ICO. On the basis of the findings, fewer than one in four businesses complied with the maximum breach disclosure period under GDPR, which is 72 hours after the discovery of an incident.