Emma Woollacott reports:
British businesses could face lower fines if they proactively report data breaches, thanks to an agreement between the UK’s data protection regulator and cybersecurity agency.
The Information Commissioner’s Office (ICO) and National Cyber Security Centre (NCSC) say they plan to encourage engagement with the NCSC in the event of a breach, and allow meaningful engagement with the NCSC to lead to reduced regulatory penalties.
Read more at Forbes.
Woollacott cites the ICO’s report last year indicating that compliance with GDPR’s 72-hour deadline to report a breach to the ICO occurred in fewer than a third of breaches involving personal data since 2019. Offering the possibility of reduced fines for compliance — if coupled with the ICO actually imposing fines for noncompliance — may work well.