"Human Error" caused most data reported incidents in the UK

The General Data Protection Regulation (GDPR) came into force across the EU on 25 May 2018. Designed to give people more control over their data, GDPR represents a challenge to organisations, who must bring their data protection policies into line with the new regulations or face substantial penalties.

GDPR compels organisations to secure clearer consent for using people's information, and introduces tougher fines for failing to protect people's data.

'Human error' to blame for most data incidents

The vast majority of data security incidents reported to the UK Information Commissioner's Office (ICO), according to new publications, were a consequence of 'human error'. Only a minor percentage of data security incidents were related with malicious activity.

Among the most common incidents were instances of confidential data being emailed to the incorrect recipient, instances of loss or theft of paperwork, and instances of data left in an insecure location.

With GDPR now requiring organisations of all sizes to report all potential breaches within 72 hours, the number of recorded incidents is only set to rise.

This update is intended as a summary only and should not be regarded or relied upon as advice regarding any specific situation. For specific advice please contact our office.