GDPR Is One Year Old This Week

Uploaded on 2019-05-23 in FREE TO VIEW, BUSINESS-Services-Law

The EU made GDPR (General Data Protection Regulation) law effective on May 25th 2018 and it is now a year old. GDPR’s purpose is to make organisations report data breaches and to fine those that don’t control and protect their data properly.  

Since the GDPR came into force, over 59,000 data breach notifications have been reported across the European Economic Area by public and private organisations.  The Netherlands, Germany and the UK topped the table in the report with approximately 15,400, 12,600, and 10,600 reported breaches respectively. 

The lowest numbers of reported breaches were made in Liechtenstein, Iceland and Cyprus with 15, 25 and 35 reported breaches respectively. 

The Netherlands, with 89.8 reported breaches per 100,000 people topped the list when the number of notifications were weighted against country populations, followed by Ireland and Denmark. 
Of the 26 EEA countries where breach notification data is available, the UK, Germany and France ranked tenth, eleventh and twenty-first respectively on a reported fine per capita basis. Greece, Italy and Romania reported the fewest number of breaches per capita.

According to Ross McKean, a partner at international law firm DLA Piper specialising in cyber and data protection:

"The GDPR completely changes the compliance risk for organizations which suffer a personal data breach due to revenue based fines and the potential for US style group litigation claims for compensation. 

“As we saw in the US when mandatory breach notification laws came into force, backed up by tough sanctions for not notifying, the GDPR is driving personal data breach out into the open. Our report confirms this with more than 59,000 data breaches notified across Europe in the first 8 months since the GDPR came into force."

To date 91 fines have been reported. Not all of these relate to personal data breach and several relate to other infringements of GDPR.

The highest GDPR fine imposed to date is €50 million, which was made against Google on 21 January 2019. This was a French decision in relation to the processing of personal data for advertising purposes without valid authorisation, rather than a personal data breach.

Also commenting on the report, Sam Millar, a partner at DLA Piper specialising in cyber and large scale investigations said: "The regulators have already started to flex their muscles with 91 GDPR fines imposed to date but the fine against Google is a landmark moment and is notable partly because it is not related to personal data breach. 

“We anticipate that regulators will treat data breach more harshly by imposing higher fines given the more acute risk of harm to individuals. We can expect more fines to follow over the coming year as the regulators clear the backlog of notifications." 

This information is according to DLA Piper's GDPR Data Breach Survey.

DLA Piper

You Might Also Read:

"Cookie Walls" Non-Compliant With GDPR:

 

 

 

« Google Blocks Huawei From Android
Five Things to Know About 5G »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Intrinsic-ID

Intrinsic-ID

Intrinsic-ID's authentication technology creates unique IDs and keys to authenticate chips, data, devices and systems.

Splunk

Splunk

Splunk provide real-time Security Information & Event Management solutions for Enterprise Networks, Cloud and small-scale IT environments

DataLocker

DataLocker

DataLocker offers both hardware based external storage and software based cloud storage encryption solutions.

Capita

Capita

Capita is a consulting, digital services and software business, providing end-to-end enterprise IT services and solutions focused around digital transformation and innovation.

Be Cyber Aware At Sea

Be Cyber Aware At Sea

Be Cyber Aware At Sea is a global maritime and offshore industry initiative to raise awareness and educate crew members and the offshore workforce.

Nexcom International

Nexcom International

Nexcom operates six global businesses - IoT Automation, Intelligent Digital Security, Internet of Things, Intelligent Platform & Services, Mobile Computing Solutions, Network & Communications.

SaferVPN

SaferVPN

SaferVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

Culinda

Culinda

Culinda secures medical IoT devices in hospitals with An Artificial Intelligence platform and security gateway.

iFluids Engineering

iFluids Engineering

iFluids Engineering is a leading engineering consulting and risk management firm providing a full range of services including Cyber Security for Industrial Control Systems.

About Cyber Security.

About Cyber Security.

About Cybersecurity provides a galaxy-wide knowledge base of cybersecurity tactics and techniques derived from actual experience.

DataExpert Singapore

DataExpert Singapore

DataExpert Singapore provide solutions and services in the areas of Digital Forensics, Data Recovery, Data Duplication, Data Degaussing & Wiping, Data Destruction, and IT Disposal.

BOXX Insurance

BOXX Insurance

BOXX Insurance Inc. is a new type of insurance company for a new type of risk. Cyberboxx is the first fully-integrated cybersecurity and insurance solution for small-to-medium-sized businesses.

Artjoker

Artjoker

Artjoker is a full cycle software development partner specialized in Blockchain projects and smart contract development including full cycle information security of all projects.

NormCyber

NormCyber

NormCyber provide award-winning cyber security and data protection as a service for midsize organisations.

Canadian Cyber Threat Exchange (CCTX)

Canadian Cyber Threat Exchange (CCTX)

The CCTX is Canada’s not-for-profit, private-sector cyber threat sharing hub and collaboration centre.

Iron Mountain

Iron Mountain

Iron Mountain Incorporated is a global business dedicated to storing, protecting and managing, information and assets.