GDPR has certainly woken the business community up to the importance of data security. In August 2018, the ICO released its annual report which showed a massive jump in voluntarily reported breaches from 2,565 in 2016-17 to 3,311 in 2017-18. This 29 percent increase can likely be attributed to a growing awareness of what constitutes a breach.
At Union Street we’ve certainly noticed a huge increase in the number of requests for information on our ISMS and, post GDPR, we’re frequently asked for information on how we process customer data. We’ve also noticed that communication providers (CPs) of all shapes and sizes now seem to have dedicated information security personnel, whereas before that was a rarity outside of the very largest CPs.
Ultimately, increased awareness can only be a good thing. Perhaps the most important lesson that the business community has learned through its efforts to comply with GDPR, is to view unnecessary sensitive data as a liability. Any potentially sensitive data that is held must be identified, continually reviewed and, if it’s not absolutely required, it should not be stored.