European regulators ‘get 60,000 breach reports’ under GDPR
Privacy regulators around Europe have received almost 60,000 reports of data breaches since the introduction of the General Data Protection Regulation (GDPR) in May last year.
This is according to a study by law firm DLA Piper, which found the Netherlands, Germany and the UK were responsible for the most incidents, with 15,400, 12,600, and 10,600 reported breaches respectively.
It observed the volume of reports, which is mainly due to much stricter requirements for businesses to notify authorities quickly of any breaches, means regulators are struggling to keep pace, with most countries dealing with a large backlog.
Ross McKean, a partner at DLA Piper specialising in cyber and data protection, said that GDPR has completely changed the compliance risk for firms that fall victim to data breaches.
"As we saw in the US when mandatory breach notification laws came into force, backed up by tough sanctions for not notifying, the GDPR is driving personal data breaches out into the open," he continued.
So far, 91 fines have been issued across Europe under the GDPR regime, though not all of these were directly related to personal data breaches. The highest penalty was the €50 million (£44 million) imposed on Google by French regulator CNIL, which regarded the processing of user data for advertising purposes without valid authorisation.
The report noted it is still early days for GDPR, with the value of most fines so far relatively low. However, the firm anticipates that 2019 will see more fines reaching tens or even hundreds of millions of euro.
Sam Millar, a partner at DLA Piper specialising in cyber and large scale investigations, added that regulators have just started to "flex their muscles" when it comes to enforcement of GDPR rules, with the fine against Google a particularly landmark moment.
"We anticipate that regulators will treat data breach more harshly by imposing higher fines given the more acute risk of harm to individuals," he continued. "We can expect more fines to follow over the coming year, as the regulators clear the backlog of notifications."
Share This Post, Choose Your Platform!
With over 25 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.