GDPR Data Breach Notifcations & Fines Are Increasing

Uploaded on 2020-01-28 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

Since the General Data Protection Regulation (GDPR) came into force in May 2018, the first year had about 247 breach notifications per day. In the time since, that has risen to an average of 278 notifications a day. 

Over 160,000 data-breach notifications have been made to authorities in the 18 months since Europe's new digital privacy regulation came into force and now the number of breaches and other security incidents being reported is on the rise.

The total cost of GDPR-related fines paid so far to be €114m Euro ($126m/£97m) and Google was penalised the largest fine, imposed by the French authorities, which was €50m Euros.

The UK Information Commissioner's Office has issued two larger fines relating to data-protection infringements, but currently neither of the organisations involved have come to a final agreement over the payments. Following what was described as an "extensive investigation", the ICO concluded that information was compromised by "poor security arrangements" at British Airways. At the time, the airline made it clear it wasn't happy with the fine, stating it was "surprised and disappointed".

Hackers breached Starwood Hotels in 2014; that hotel chain was subsequently purchased by Marriott in 2016, but the breach wasn't discovered and patched until 2018. A statement from Marriott at the time of the penalty notice said the company was "deeply disappointed" by the proposed fine and both Marriott and British Airways are appealing their fines.

Under GDPR, organisations can be fined up to four per cent of their annual turnover if they've been found to be irresponsible with security following a data breach.

The current analysis suggests that only 35% of Business are fully GDPR compliant. The maximum fine under the GDPR is up to 4% of annual global turnover or €20 million, whichever is greater, for organisations that infringe its requirements. 

Information Commisioner UK:          ZDNet:       ITGovernance:

You Might Also Read:

Few Businesses Are Ready For California’s New Consumer Data Privacy Law:

 

 

« Travelex Slowly Recovering From Ransomware Attack
Greece And Turkey In Conflict »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Webroot

Webroot

Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe.

ISACA Conferences

ISACA Conferences

ISACA is dedicated to offering the most dynamic and inclusive conferences to keep you abreast of the latest advances in IT and Information Security.

CISPA Helmholtz Center for Information Security

CISPA Helmholtz Center for Information Security

The CISPA Helmholtz Center for Information Security is a German national Big Science Institution within the Helmholtz Association. Our research encompasses all aspects of Information Security.

Sage Designs

Sage Designs

Sage Designs is a provider of SCADA, Security & Industrial Automation products and training programs.

RHEA Group

RHEA Group

RHEA Group offers aerospace and security engineering services and solutions, system development, and technologies including cyber security.

CIRISK

CIRISK

CIRISK offers a wide range of services from consulting to audit or project management to help you develop your cyber security or information security strategy.

Cloud Managed Networks

Cloud Managed Networks

Cloud Managed Networks provides enterprise grade IT network solutions for cloud-based and on premise network security, Wi-Fi, data switching, collaboration, device management and more.

GM Security Technologies

GM Security Technologies

GM Security Technologies provides leading managed security services of the highest quality to every type of individual and organization in Puerto Rico, Caribbean and Latin America.

New Enterprise Associates (NEA)

New Enterprise Associates (NEA)

As one of the world’s largest and most active venture capital firms, NEA has developed deep domain expertise and insight into our industries of focus - technology and healthcare.

Key Cyber Solutions

Key Cyber Solutions

Key Cyber is an IT consulting firm that specializes in agile software development services, program management and infrastructure services, cyber security and cloud and managed services.

Sharktech

Sharktech

Sharktech designs, develops, and supports advanced DDoS protection and web technologies.

Start Left® Security

Start Left® Security

Great security culture doesn't just happen; you ENGINEER it.

MDSec

MDSec

MDSec is a consultancy with a passion for information security. Our consultants specialise in application, mobile and hardware security and targeted red team attacks.

Vala Secure

Vala Secure

Vala Secure is a cybersecurity and compliance consultancy that always stays ahead of regulations, future threats and ever-changing security environments.

Solvo

Solvo

Solvo enables security teams and other stakeholders to automatically uncover, prioritize, mitigate and remediate cloud infrastructure access risks.

Potech

Potech

Potech provides masterful services in Information & Technology and Cybersecurity to multiple markets across the world.