This week's myth-busting blog from the ICO sets the record straight on data breach reporting. In her latest article, Elizabeth Denham, Information Commissioner, addresses a number of frequently asked questions relating to breaches including:

  • Do ALL personal data breaches need to be reported to the ICO?
  • Must organisations provide ALL details as soon as a data breach occurs?
  • If organisations do not report in time, will a huge fine ALWAYS be issued?
  • Is data breach reporting ALL about punishing organisations?


The ICO are keen to stress that the purpose of the GDPR is not to punish organisations, but to make them better equipped to deal with security vulnerabilities. The new legislation will give the public trust and confidence that their data is being handled responsibly and is focused on giving consumers more control over their data and increasing the accountability of organisations.

With less than 9 months until the GDPR, why not join us for a complimentary breakfast briefing on 21 September? Hear from our expert speakers on the latest developments and the steps you can take to prepare for the changes. Click here to reserve your place.