Charity data breach incidents up 600 per cent since introduction of GDPR, report reveals - Thorne Widgery

The number of charities reporting data breach incidents has risen significantly since the introduction of the General Data Protection Regulation (GDPR), new figures have shown.

The data, published by data watchdog the Information Commissioner’s Office (ICO), reveals that some 137 data breaches were reported to the office in the second quarter of 2018/19.

In the same period a year ago, just 21 incidents were flagged. This represents an increase of more than 600 per cent.

According to the report, 88 of those incidents pertained to the unlawful disclosure of data, while 50 related to various other security issues.

Under GDPR, which was implemented in May this year, all European organisations are required to take a number of steps to protect the privacy and security of customer data, with a focus on transparency, consent and cybersecurity.

Failure to follow the new rules set out in the regulation can result in significant fines of up to 20 million euros or four per cent of annual global turnover, whichever is higher.

The regulator’s latest report shows that a total of 4,056 data security incidents were reported to the office, with charities accounting for 3.3 per cent of all reported incidents.

The data also reveals that charities fell victim to some 36 individual cyber attacks during the second quarter, more than double the number of attacks reported by the sector for the first quarter of the year. Of these, 18 related to phishing, six to misconfiguration of hardware and five to unauthorised access to information.

Is your charity fully compliant with GDPR? Complete the ICO self-assessment checklist to check if you are ready to deal with a data security breach.