One month into the new data protection legislation, the Office of Data Protection Commissioner (ODPC) says local organisations are responding to the higher standards required of them.
Since the law changed on 25 May, seven reports of data breaches have been received, all of which are at the lowest level.
Emma Martins, Data Protection Commissioner says this low number is an indication of how well Bailiwick businesses have responded to the higher standards required of them under the new legislation.
“The breach reports we have received predominantly relate to organisations unintentionally sending personal data to the wrong recipient, for example, by software autocompleting an email address and the user not checking before they send the email.
“We categorise each breach we receive depending on severity – the seven received in the month since the law changed have been ranked as low risk. This means that the breaches are unlikely to cause harm to the person whose data has been disclosed accidentally.”
Mrs Martins confirmed she was pleased with the response from Bailiwick organisations in demonstrating their readiness to comply with the new legislation.
“We have been encouraged by the preparedness of local businesses, particularly by those who have evidenced an effective data breach response plan. When data protection is done well it builds and maintains trust between organisations and the individuals whose data they hold. It is positive that this trust is being extended to us as the regulator by letting us know when things have not gone to plan.”
Under the new law (the Data Protection (Bailiwick of Guernsey) Law, 2017) local organisations have a legal obligation to report a data breach to the Office of the Data Protection Commissioner within 72 hours of them becoming aware of it. One of the key differences between the previous law and the new law is that breach reporting is now mandatory, rather than voluntary. The ODPC is supporting local organisations through the new statutory breach reporting process.
The breach reporting obligation exists to ensure organisations recognise the importance of compliance and invest in systems that provide maximum protection for what is probably the most valuable asset held – personal data.
Mrs Martins added: “We are grateful for the insight that breach reports provide us, as they alert us to issues early and provide invaluable insight into the risk environment. This helps us to target our resources to support better compliance across the Bailiwick.
“The key message for local organisations is that we will work positively and constructively with you in the event of a data breach, to improve compliance, for the benefit of everyone.”
The Office of the Data Protection Commissioner is working to improve its online breach reporting mechanism and has asked for any comments to be submitted via: enquiries@odpc.gg
