British businesses still failing on GDPR breach reporting

With GDPR inching closer to its 6th anniversary – UK GDPR came in after Brexit – it appears many British marketing companies are no closer to full compliance, with over half of all data breaches within the sector in 2023 not reported within the critical 72-hour window required.

Data breach solicitors Hayes Connor took a deep dive into these figures, highlighting the persistent issue of delayed reporting across various sectors, figures which have not improved since 2019.

The top 10 worst-offending sectors in 2023, and the percentage of breaches not reported in under 72 hours, were local government (51.32%); general business (49.16%); marketing (47.50%); justice (47.06%); and regulators (46.81%), followed by membership associations (46.67%); online technology and telecoms (45.37%); media (45.16%); central government (44.57%); and retail and manufacture (43.94%).

Failure to notify a breach within this timeframe can result in a significant fine of up to £17.5m or 4% of your global turnover, whichever is higher, although in reality most firms simply get a slap on the wrist.

Within the marketing sector, basic personally identifiable data was breached 97.50% of the time, with health data also significantly compromised.

The analysis points to phishing and unauthorised access as the top two reasons for a breach in this industry, highlighting critical areas for immediate action in data handling training.

Hayes Connor legal director Richard Forrest said: “Despite regulatory advancements, and the introduction of stricter compliance mechanisms, the rate of data breaches remains a serious concern. The recent ICO trends portray a continuous need for vigilance and updated compliance strategies from businesses, especially in how they manage and protect personal data against emerging cyber threats and human error.”
