Businesses waited an average of three weeks to report data breaches to Britain’s Information Commissioner’s Office prior to GDPR, according to Freedom of Information data requested by Redscan. And 91% failed to include important information such as the impact of the breach and dates.