The latest in the series of blogs from the UK Information Commissioner’s Office (ICO) looks at some of the myths around data breach reporting under the General Data Protection Regulation (GDPR). Given the misleading press stories on this topic, the ICO’s blog should provide some welcome clarification for concerned businesses as they prepare to comply with the GDPR.
Myth 1: All personal data breaches will need to be reported to the ICO.
This is not correct. It will be mandatory to report a personal data breach to the relevant supervisory authority under the GDPR if it is likely to result in a risk to people’s rights and freedoms. However, you don’t need to report the breach if this risk is unlikely.