As we ‘celebrate’ the 6th birthday of GDPR a new study finds that over half of all data breaches in the UK in 2023 were not reported within the required 72-hour window.

The report from Hayes Connor revealed the sectors with the worst track record. These were:

  • Local Government: 51.32%
  • General Business: 49.16%
  • Marketing: 47.50%
  • Justice: 47.06%
  • Regulators: 46.81%
  • Membership Associations: 46.67%
  • Online Technology and Telecoms: 45.37%
  • Media: 45.16%
  • Central Government: 44.57%
  • Retail and Manufacture: 43.94%

Failing to report a breach within this timeframe can result in significant fines of up to £17.5 million or 4% of global turnover, whichever is higher. However, in practice, most firms receive minimal penalties.

A key finding of the research is that in the marketing sector, 97.50% of breaches involved basic personal identifiable data, with health data also significantly compromised. Phishing and unauthorised access were identified as the top reasons for breaches, which according to the report emphasises the urgent need for improved data handling training.

This need is further compounded by preparations for the prosed incoming DPDI Act, which has a greater focus on data hygiene; ensuring data is clean, accurate, and secure. Implementing stringent data hygiene measures is not just about avoiding penalties but also about maintaining trust and integrity in handling personal information.

Effective data hygiene involves regular audits, employee training, and robust security protocols. These practices can significantly reduce the risk of breaches caused by human error and cyber-attacks. As the DPDI Act emphasises stronger data protection frameworks, the report highlights that companies must prioritise data hygiene to stay compliant and safeguard their reputation.

For more information about how we can help you keep your data clean, up-to-date and compliant, get in touch!