GDPR Is One Year Old This Week

Uploaded on 2019-05-23 in FREE TO VIEW, BUSINESS-Services-Law

The EU made GDPR (General Data Protection Regulation) law effective on May 25th 2018 and it is now a year old. GDPR’s purpose is to make organisations report data breaches and to fine those that don’t control and protect their data properly.  

Since the GDPR came into force, over 59,000 data breach notifications have been reported across the European Economic Area by public and private organisations.  The Netherlands, Germany and the UK topped the table in the report with approximately 15,400, 12,600, and 10,600 reported breaches respectively. 

The lowest numbers of reported breaches were made in Liechtenstein, Iceland and Cyprus with 15, 25 and 35 reported breaches respectively. 

The Netherlands, with 89.8 reported breaches per 100,000 people topped the list when the number of notifications were weighted against country populations, followed by Ireland and Denmark. 
Of the 26 EEA countries where breach notification data is available, the UK, Germany and France ranked tenth, eleventh and twenty-first respectively on a reported fine per capita basis. Greece, Italy and Romania reported the fewest number of breaches per capita.

According to Ross McKean, a partner at international law firm DLA Piper specialising in cyber and data protection:

"The GDPR completely changes the compliance risk for organizations which suffer a personal data breach due to revenue based fines and the potential for US style group litigation claims for compensation. 

“As we saw in the US when mandatory breach notification laws came into force, backed up by tough sanctions for not notifying, the GDPR is driving personal data breach out into the open. Our report confirms this with more than 59,000 data breaches notified across Europe in the first 8 months since the GDPR came into force."

To date 91 fines have been reported. Not all of these relate to personal data breach and several relate to other infringements of GDPR.

The highest GDPR fine imposed to date is €50 million, which was made against Google on 21 January 2019. This was a French decision in relation to the processing of personal data for advertising purposes without valid authorisation, rather than a personal data breach.

Also commenting on the report, Sam Millar, a partner at DLA Piper specialising in cyber and large scale investigations said: "The regulators have already started to flex their muscles with 91 GDPR fines imposed to date but the fine against Google is a landmark moment and is notable partly because it is not related to personal data breach. 

“We anticipate that regulators will treat data breach more harshly by imposing higher fines given the more acute risk of harm to individuals. We can expect more fines to follow over the coming year as the regulators clear the backlog of notifications." 

This information is according to DLA Piper's GDPR Data Breach Survey.

DLA Piper

You Might Also Read:

"Cookie Walls" Non-Compliant With GDPR:

 

 

 

« Google Blocks Huawei From Android
Five Things to Know About 5G »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Booz Allen Hamilton

Booz Allen Hamilton

Booz Allen Hamilton is a management & tech consulting firm. Technology services include cloud computing, cyber security, systems development and integration.

RU-CERT

RU-CERT

RU-CERT is the CSIRT / CERT team of the Russian Federation.

Engineering Group

Engineering Group

Engineering is the Digital Transformation Company, a leader in Italy and with over 80 offices across Europe, the United States, and South America.

APERIO

APERIO

APERIO, the global leader in industrial data integrity, helps its customers drive profitability and sustainability while mitigating risk in their industrial operations.

IEEE Cyber Science and Technology Congress (CyberSciTech)

IEEE Cyber Science and Technology Congress (CyberSciTech)

CyberSciTech provides a platform for scientists, researchers, and engineers to share their latest ideas and advances in the broad scope of cyber-related science, technology, and application topics.

SDG Corp

SDG Corp

SDG is a global cybersecurity, identity governance, risk consulting and advisory firm, addressing complex security, compliance and technology needs.

Dynics

Dynics

The Dynics ICS-Defender is an Industrial Control System Security Appliance for OT or OT/IT convergent environments.

Cybrella

Cybrella

Cybrella offers professional cybersecurity services for small to medium sized businesses and to larger enterprises looking to expand their cybersecurity capabilities.

NXTsoft

NXTsoft

NXTsoft’s solutions help businesses secure, connect and optimize their data to maximize revenue opportunities, enhance profitability, and mitigate cybersecurity risk.

OptimEyes.ai

OptimEyes.ai

OptimEyes.ai is a unique AI-powered, on-demand SaaS solution for cyber-security, data privacy and compliance risk modeling.

Polestar Industrial IT

Polestar Industrial IT

Polestar work on both sides of the IT & OT divide. Network, Data & Asset Security is our priority. Polestar installations are robust and resilient and comply with the appropriate security.

Conosco

Conosco

Conosco are industry-leading experts throughout the UK in strategic consulting, project delivery, business communications, support, and security.

Aura Information Security

Aura Information Security

Aura Information Security consists of a team of highly-skilled and renowned information security professionals spanning Australia and New Zealand.

NVISO Security

NVISO Security

NVISO is a pure-play cyber security consulting firm, focused mainly on the Financial Sector, the Technology Sector, and Government & Critical Infrastructure.

Apex

Apex

We aspire to make the AI revolution run faster, securely, for the benefit of all. We are purposely built for the new AI era and are creating capabilities to safely enable AI.

CHERI Alliance

CHERI Alliance

CHERI Alliance is an industry initiative spearheading the global adoption of the Capability Hardware Enhanced RISC Instructions (CHERI) security technology across the computing industry.