Over 59,000 data breach notifications have been reported across the European Economic Area by public and private organisations since the General Data Protection Regulation (GDPR) came into force last May 2018, according to DLA Piper.
The Netherlands, Germany and the UK topped the table in the report, with approximately 15,400, 12,600, and 10,600 reported breaches respectively. The lowest numbers of reported breaches were made in Liechtenstein, Iceland and Cyprus, with just 15, 25 and 35 reported breaches respectively.
The law firm’s research, based on data from the European Commission covering personal data breach notifications for regulators up until 25 January, found that the Netherlands - with 89.8 reported breaches per 100,000 people - topped the list when the number of notifications were weighted against country populations.
Of the 26 EEA countries where breach notification data is available, the UK, Germany and France ranked 10th, 11th and 21st respectively on a reported fine per capita basis. Greece, Italy and Romania reported the fewest number of breaches per capita.
Ross McKean, a partner at DLA Piper specialising in cyber and data protection, explained that the GDPR completely changes the compliance risk for organisations which suffer a personal data breach, due to revenue based fines and the potential for US style group litigation claims for compensation.
“As we saw in the US when mandatory breach notification laws came into force, backed up by tough sanctions for not notifying, the GDPR is driving personal data breach out into the open.”
To date 91 fines have been reported, although not all of these relate to personal data breach and several relate to other infringements of GDPR.
The highest GDPR fine imposed to date is €50 million, which was made against Google on 21 January 2019. This was a French decision in relation to the processing of personal data for advertising purposes without valid authorisation, rather than a personal data breach.
Sam Millar, a partner at DLA Piper specialising in cyber and large scale investigations, said: "We anticipate that regulators will treat data breach more harshly by imposing higher fines given the more acute risk of harm to individuals – we can expect more fines to follow over the coming year as the regulators clear the backlog of notifications."
Latest News
-
‘Highly significant’ cyber-attacks rise by almost 50%, warns NCSC
-
LSEG and Microsoft advance partnership to boost agentic AI in financial services
-
Mastercard rolls out data service to improve approval rates
-
Tide extends tech hub in Lithuania
-
10 major banks evaluate digital money pegged on G7 currencies
-
Monzo launches new tool to help businesses meet upcoming digital tax rules
The future-ready CFO: Driving strategic growth and innovation
This National Technology News webinar sponsored by Sage will explore how CFOs can leverage their unique blend of financial acumen, technological savvy, and strategic mindset to foster cross-functional collaboration and shape overall company direction. Attendees will gain insights into breaking down operational silos, aligning goals across departments like IT, operations, HR, and marketing, and utilising technology to enable real-time data sharing and visibility.
The corporate roadmap to payment excellence: Keeping pace with emerging trends to maximise growth opportunities
In today's rapidly evolving finance and accounting landscape, one of the biggest challenges organisations face is attracting and retaining top talent. As automation and AI revolutionise the profession, finance teams require new skillsets centred on analysis, collaboration, and strategic thinking to drive sustainable competitive advantage.
© 2019 Perspective Publishing Privacy & Cookies
Recent Stories