The Information Commissioner’s Office revealed it has been receiving 500 reports by telephone per week since GDPR came into force, a third of which are considered to be unnecessary or fail to meet the threshold for a data incident. ICO deputy commissioner James Dipple-Johnstone revealed that misconceptions are still commonplace among organisations more than three months after GDPR came into force, leading to a large number of needless calls to the regulator.
Andy Norton, Director of Threat Intelligence at Lastline:
“In the first 32 days of GDPR coming into existence, there were 4009 complaints lodged across the various European Data Protection Offices. Unfortunately many of the stipulations in GDPR are open to subjective interpretation currently. For example, how does someone accurately access the llikeilhood of harm coming to an effected data subject following a leak or theft of data? So, we are witnessing organisations being abundantly cautious and notifying the data regulators at any breach which has the potential for harm, in an attempt to avoid heavy fines.”