The difficulty organizations may have complying with the EU’s General Data Protection Regulation (GDPR) became apparent when a Norwegian healthcare group took too long to report a data breach earlier this month.
On January 15 Norway’s Health South-East RHF reported that about 2.9 million people may have been impacted by a data breach that took place on January 8. GDPR regulations require a breach be disclosed within 72 hours of discovery to their supervisory authority or in some case to the individuals involved, according to ComputerWorld. The new privacy regulation is scheduled to go into effect on May 25, 2018.
No reason was given for the delay.
HelseCERT, Norway’s healthcare sector computer emergency response team, first noticed the issue and informed the impacted organizations. It is not known at this time if any of the personal data has been removed from the system, Computerworld wrote.