Businesses routinely delayed data breach disclosure and failed to provide important details to the ICO in the year prior to the GDPR’s enactment. On average, businesses waited three weeks after discovery to report a breach to the ICO, while the worst offending organization waited 142 days.

Read full news article on Help Net Security