Over 59,000 Breaches Reported to GDPR Regulators

Over 59,000 Breaches Reported to GDPR Regulators

There have been more than 59,000 breach notifications to regulators of the GDPR since it was introduced on May 25, 2018, according to new findings from DLA Piper.

The global law firm’s report runs all the way up to Data Protection Day on January 28 2019, meaning there was an average of over 7300 breach reports each month since the legislation was introduced.

The notifications range from the minor — such as emails being accidentally sent to the wrong recipient — to major attacks affecting millions, perhaps a reference to Marriott International.

The Netherlands was the surprise at the top of the breach reporting table, with organizations there having notified the supervisory authorities around 15,400 times. Next came Germany (12,600) and the UK (10,600).

The Netherlands also wins in terms of the country with most breach notifications per capita, followed by Ireland and Denmark. The UK came tenth in this regard.

Interestingly, the report claimed that there have already been 91 reported fines, but most appear to have slipped under the radar as they were so small. Most notable was the €50m penalty levied against Google, although a €20,000 fine against a German chat app Knuddels also stood out as the first major fine by a national regulator.

In fact, with over 60 fines already levied, Germany seems to be the most prolific in this regard.

DLA Piper clarified that the high number of breach reports is likely due to the large fines for covering up an incident, but said regulators are wading through a large backlog already.

It warned that the financial penalties will only increase.

“We anticipate that 2019 will see more fines for tens and potentially even hundreds of millions of euros as regulators deal with the backlog of GDPR data breach notifications,” the report concluded.

“It is likely that regulators and courts will look to EU competition law and jurisprudence for inspiration when calculating GDPR fines and some regulators have already said they will do so. Competition lawyers are not known to shy away from imposing hefty fines and have imposed some eye-catching multi-billion Euro fines recently on large tech companies.”

Source: Information Security Magazine