The Infinite Brief

In both March and April, the total number of breaches reported to the ICO was about 400, according to data released by the ICO last week. But the number of breach reports climbed to about 700 in May and hit about 1,750 in June, the ICO says.

GDPR imposes a number of new requirements on organizations that handle personal information. But one of the biggest changes is that organizations must track all breaches, as well as report certain types of breaches to authorities “within 72 hours of becoming aware of the breach, where feasible.”

Organizations that fail to comply with GDPR can face fines of up to 4 percent of an organization’s annual global revenue or €20 million ($23 million), whichever is greater.

But organizations that fail to comply solely with GDPR’s reporting requirements face lesser fines – up to €10 million ($12 million) or 2 percent of annual global revenue.