GDPR Is One Year Old This Week

The EU made GDPR (General Data Protection Regulation) law effective on May 25th 2018 and it is now a year old. GDPR’s purpose is to make organisations report data breaches and to fine those that don’t control and protect their data properly.  

Since the GDPR came into force, over 59,000 data breach notifications have been reported across the European Economic Area by public and private organisations.  The Netherlands, Germany and the UK topped the table in the report with approximately 15,400, 12,600, and 10,600 reported breaches respectively. 

The lowest numbers of reported breaches were made in Liechtenstein, Iceland and Cyprus with 15, 25 and 35 reported breaches respectively. 

The Netherlands, with 89.8 reported breaches per 100,000 people topped the list when the number of notifications were weighted against country populations, followed by Ireland and Denmark. 
Of the 26 EEA countries where breach notification data is available, the UK, Germany and France ranked tenth, eleventh and twenty-first respectively on a reported fine per capita basis. Greece, Italy and Romania reported the fewest number of breaches per capita.

According to Ross McKean, a partner at international law firm DLA Piper specialising in cyber and data protection:

"The GDPR completely changes the compliance risk for organizations which suffer a personal data breach due to revenue based fines and the potential for US style group litigation claims for compensation. 

“As we saw in the US when mandatory breach notification laws came into force, backed up by tough sanctions for not notifying, the GDPR is driving personal data breach out into the open. Our report confirms this with more than 59,000 data breaches notified across Europe in the first 8 months since the GDPR came into force."

To date 91 fines have been reported. Not all of these relate to personal data breach and several relate to other infringements of GDPR.

The highest GDPR fine imposed to date is €50 million, which was made against Google on 21 January 2019. This was a French decision in relation to the processing of personal data for advertising purposes without valid authorisation, rather than a personal data breach.

Also commenting on the report, Sam Millar, a partner at DLA Piper specialising in cyber and large scale investigations said: "The regulators have already started to flex their muscles with 91 GDPR fines imposed to date but the fine against Google is a landmark moment and is notable partly because it is not related to personal data breach. 

“We anticipate that regulators will treat data breach more harshly by imposing higher fines given the more acute risk of harm to individuals. We can expect more fines to follow over the coming year as the regulators clear the backlog of notifications." 

This information is according to DLA Piper's GDPR Data Breach Survey.

DLA Piper

You Might Also Read:

"Cookie Walls" Non-Compliant With GDPR:

 

 

 

« Google Blocks Huawei From Android
Five Things to Know About 5G »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Zymr

Zymr

Zymr specialize in cloud computing solutions including Cloud Security, Cloud Mobility, Cloud Apps, Cloud Infrastructure and Cloud Orchestration.

Hillstone Networks

Hillstone Networks

Hillstone Networks offers a broad range of security solutions for enterprises and data center networks – whether physical, virtual, or in the cloud.

NovaTech Automation

NovaTech Automation

NovaTech products and services make the world’s power grids and essential process industries more reliable, efficient, sustainable and secure.

Teramind

Teramind

Teramind provides a user-centric security approach to monitor employee behavior in order to identify suspicious activity, detect possible threats, monitor efficiency, and ensure industry compliance.

Hornetsecurity

Hornetsecurity

Meet Hornetsecurity – Leading Cloud Email Security Provider. We protect global organizations so you can focus on what you do best.

Expanse

Expanse

Expanse SaaS-delivered products plus service expertise reduce your internet edge risk to prevent breaches and successful attacks.

Slovenska Akreditacija (SA)

Slovenska Akreditacija (SA)

Slovenska Akreditacija (Slovenia Accreditation) is the national standards accreditation body for Slovenia.

Jump Capital

Jump Capital

Jump provides series A and B capital to data-driven tech companies within the FinTech, IT & Data Infrastructure, B2B SaaS and Media sectors.

Cyber Range Malaysia

Cyber Range Malaysia

With Cyber Range Malaysia organizations can train their security professionals in empirically valid cyber war-gaming scenarios necessary to develop IT staff skills and instincts for defensive action.

Cohesity

Cohesity

Cohesity radically simplifies the way businesses back up, manage, protect, and extract value from their data—in the data center, at the edge, and in the cloud.

Dashlane

Dashlane

Dashlane puts all your passwords, payments, and personal info in one place that only you control. So you can use them instantly. Securely. Exactly when you need them.

Endure Secure

Endure Secure

Endure Secure is a managed cyber security & information security consultancy. Our passion for IS and our understanding of the threat landscape is reflected in the services that we provide.

Smartcomply

Smartcomply

Smartcomply is an automated and AI-powered cybersecurity and compliance platform that aids businesses in reducing the time and money spent on cybersecurity and compliance.

Slide

Slide

Slide is a modern, security-first Business Continuity & Disaster Recovery (BCDR) company built exclusively for Managed Service Providers.

Cybermate

Cybermate

Cybermate is the first affordable, gamified ‘Psybersecurity’ awareness training platform that reduces behavioural risk and achieves compliance with Australian cybersecurity standards.

DOT Security

DOT Security

DOT Security provides advanced security services for businesses of all sizes.