Global law firm Linklaters recently published analysis showing a 66% increase in data breach notifications across many European markets. With businesses under financial pressure as a result of Covid-19, there is speculation that the number of notifications may increase much further in next year’s reports.
According to Linklaters’ analysis, the following factors contributed most significantly to the increase in notifications from year 1 of the GDPR.
- External malicious acts, for example, hacking or scams;
- Sending e-mails/documents to incorrect recipients;
- Loss or theft of unsecured devices, such as mobile phones and laptops; and
- Inadequate security measures for data available over the Internet, for example, improperly secured databases.
Following the lockdown of all major economies around the globe, cyber-security experts and consulting firms began warning businesses not to lose focus on ensuring that their systems remained robust and compliant. Back in March, for example, Deloitte issued guidance on personal data protection during remote work. Despite pleas from across the business sector to remain vigilant, many analysts predict that data breaches are likely to increase in year 3 of the GDPR, as organisations’ resources are diverted to tackling the crisis and ensuring that they survive it.
Whilst the ICO has made it clear that there will be some leniency shown to organisations that have been forced to divert resources as a result of the pandemic, they have also suggested that firms must retain accountability. On their website they state:
“To show that your processing of data is compliant, you will need to use the accountability principle. It makes you responsible for complying with the GDPR and says that you must be able to demonstrate your compliance such as additional record keeping requirements when processing sensitive data.”
Maintaining GDPR compliance
The increase in data breach notifications when comparing year 2 of GDPR legislation to year 1 shows that there is still work to be done to tackle data security issues within organisations of all sizes. The Covid-19 crisis has created an even more challenging environment for businesses to maintain compliance and ensure that their customers’ data is handled in line with the regulations.
Swift and efficient handling of any complaints you may receive is one key element of ensuring compliance with the GDPR. If you hold data on EU citizens you must appoint an EU representative, based within the EU, to handle any complaints. You risk a hefty fine by not doing so.