business man at laptop

Survey: 43% of UK businesses reported to ICO since GDPR implementation

Research from Apricorn has revealed the extent to which UK businesses have been reported to the Information Commissioner’s Office (ICO) since the General Data Protection Regulation (GDPR) came into effect in May 2018.

A survey of 100 IT leaders from large UK companies found that 43% of them had been reported to the ICO.

Within this data, Apricorn found:

  • 33% of businesses had reported themselves to the ICO.
  • 10% of businesses were reported by someone else, although it is unknown if these were reports from the public or insiders.
  • 9% of businesses admitted they had suffered a data breach but didn’t know whether it had been reported to the ICO.

While it’s positive that businesses are reporting themselves to the ICO when necessary, it’s concerning many business leaders don’t know if a breach has been reported. While not every breach needs reporting to the ICO, consumers who trust businesses with their data would expect those businesses to know what steps they have taken following a breach!

In addition, only a tenth of businesses being the subject of an external report may suggest the public aren’t aware of what to do if their data has been exposed following a data breach.

If your data has been exposed in a data breach, you could be entitled to compensation! Contact LawPlus today for a FREE assessment of your claim!

Are reporting issues the least of our concerns?

As a consumer, it’s always concerning when we learn our data has been compromised. However, not every data breach is as significant or as widely reported as British Airways’ major 2018 breach, with many breaches never reported at all.

While we may never find out about data breaches involving our data, we trust the businesses that hold our data to be vigilant and responsible about how they do so.

Unfortunately, Apricorn’s study suggested this wasn’t always the case, either.

Other notable statistics from the research included:

  • 33% of businesses admit to struggling to identify and locate data.
  • 31% said they didn’t understand their data obligations.
  • 25% stated they didn’t adequately secure data!

This data sets alarm bells ringing for several reasons. First, if a third of businesses don’t know where data is, how can they ever know if they’ve suffered a breach?!

A similar number of businesses admitting they didn’t understand data obligations is staggering. If we’re giving companies some benefit of the doubt, we could say this may be a hangover from the end of the Brexit transition period. However, businesses had plenty of time to prepare for Brexit, and the Data Protection Act (2018) complements GDPR anyway, so in reality, nothing has changed.

However, the most significant concern is undoubtedly that a quarter of businesses admit they don’t adequately secure data! Considering other recent research shows that 94% of companies have suffered an internal data breach in the past year, this is a shocking disclosure.

What challenges do businesses face in protecting your data?

39% of respondents to the Apricorn survey said that accounting for mobile and remote working was their biggest cybersecurity challenge.

While this isn’t that surprising, especially as it looks like a “hybrid” style of work is here to stay, businesses have now had nearly 18 months to deal with this challenge. On top of that, remote working wasn’t exactly new in 2020! So it’s reasonable to expect that businesses would have some systems in place to mitigate risk already. At the same time, we should note that human error is easily the most significant contributing factor to data breaches. Sometimes, it only takes one employee using public wi-fi in a coffee shop, and suddenly consumer data is at considerable risk.

On top of meeting challenges around remote working, businesses also admitted struggling with data encryption – specifically what data to encrypt – and controlling data storage and access.

What does this mean for consumers?

In the modern world, cybercrime and data breaches are, sadly, a near certainty.

However, a significant number of breaches occur due to negligence or human error and are wholly avoidable. While most companies have data protection and privacy policies that you can freely browse on their website, the admissions to Apricorn suggest these are little more than token gestures in a significant number of cases.

While you can’t control what a business does with your data (at least, beyond giving them permission – or not – around how they can use it), you can control the companies with whom you share your details.

Remain vigilant by:

  • Using different passwords across all your online accounts.
  • Using password suggestion functions and apps to come up with strong passwords.
  • Regularly auditing and updating your passwords.
  • Being wary of whom you share your data with and the boxes you are ticking when you’re signing up to a newsletter or trying to check out a purchase quickly.

While data breaches are inevitable – especially when businesses admit they don’t understand their obligations or secure data adequately! – you should still ensure you take steps to protect yourself should your data be exposed.

If your data has been compromised in a data breach, you may be entitled to compensation, even if you didn’t suffer a financial loss as a result. Contact us now for a FREE assessment of your claim.