We are just over a month into GDPR compliance and there have, as yet, been no really high-profile data breaches.
This shouldn't lull people into a false sense of security, as data breaches are happening every day. I'm working with around 80 schools and so far have been made aware of 20 breaches that have occurred in those schools alone. I should stress that none of them have been major incidents and only one has actually been sufficiently serious to require reporting to the ICO, as the potential consequences for data subjects have been negligible in most cases.
My advice is to keep reminding staff that it is in their interest and the school's to make senior managers aware of any breach, however small, so a decision can be made on whether it needs to be reported to the ICO.
Don't be lulled into a false sense of security just because you think you've done your preparation well - the school I feel has done the most preparation work to achieve compliance has actually had three breaches in the first month of GDPR!
It should be said they were all minor issues and none needed to be reported to the ICO, but they have been recorded on the school's internal breach log, and lessons have been learned to ensure these types of issue are less likely to happen in future.