Global law firm Linklaters recently published analysis showing a 66% increase in data breach notifications</a> across many European markets. With businesses under financial pressure as a result of Covid-19, there is speculation that the number of notifications may increase much further in next year's reports. According to Linklater's analysis, the following factors contributed most significantly to the increase in notifications from year 1 of the GDPR. External malicious acts, for example, hacking or scam; Sending e-mails/documents to incorrect recipients; Loss or theft of unsecured devices, such as, mobile phones and laptops; and Inadequate security measures of data available over the Internet, for example, unproperly secured databases. Following the lockdown of all major economies within the EU, cyber-security experts and consulting firms began warning firms not to lose focus on ensuring that their systems remained robust and compliant. Back in March, for example, Deloitte issued guidance on personal data protection during remote work. Despite pleas from across the business sector to remain vigilant, many analysts predict that data breaches are likely to increase in year 3 of the GDPR, as organisations' resources are diverted to tackling the crisis and ensuring that they survive it. Whilst the ICO has made it clear that there will be some leniency shown to organisations that have been forced to divert resources as a result of the pandemic, they have also suggested that firms must retain accountability. On their website they state: "To show that your processing of data is compliant, you will need to use the accountability principle. It makes you responsible for complying with the GDPR and says that you must be able to demonstrate your compliance such as additional recording keeping requirements when processing sensitive data." Maintaining GDPR compliance The increase in data breach notifications when comparing year 2 of GDPR legislation to year 1 shows that there is still work to be done to tackle data security issues within organisations of all sizes. The Covid-19 crisis has created an even more challenging environment for businesses to maintain compliance and ensure that their customer's data is handled in line with the regulations. Swift and efficient handling of any complaints you may receive is one key element of ensuring compliance with the GDPR. If you hold data on EU citizens you must appoint an EU representative, based within the EU, to handle any complaints. You risk a hefty fine by not doing so. For further information on appointing an EU representative for your business, click here.