Under EU’s General Data Protection Regulation, organizations that suffer certain types of breaches must inform the ICO within 72 hours of learning that they have been breached. In the U.K., breached organizations must report the incident to the Information Commissioner’s Office of Privacy. Residents can also file complaints with the ICO if they believe their personal data has been misused or not properly secured (see: GDPR Effect: Data Protection Complaints Spike) Since May 25, the number of complaints and breach reports has skyrocketed.”]
Source: https://www.cuinfosecurity.com/gdpr-8000-data-breach-reports-filed-so-far-in-uk-a-11828