GDPR: More Than 160,000 Data Breach Notifications

Data protection regulators have imposed $126 million (EUR114 million) in fines under the GDPR regime for a wide range of GDPR infringements, not just for data breaches.

According to the DLA Piper’s latest GDPR Data Breach Survey, France, Germany and Austria top the rankings for the total value of GDPR fines imposed with just more than $56.5 million, $26.1 million and $19.9 million respectively. The Netherlands, Germany and the UK topped the table for the number of data breaches notified to regulators with 40,647, 37,636 and 22,181 notifications each.

For the period from May 25, 2018 to January 27, 2019 there were on average 247 breach notifications per day. For the period from January 28, 2019 to January 27, 2020 there were on average 278 breach notifications per day (a 12.6 percent increase), so the current trend for breach notifications is upwards.

The highest GDPR fine to date was $55.4 million imposed by the French data protection regulator on Google, for alleged infringements of the transparency principle and lack of valid consent, rather than for a data breach. Following two high profile data breaches, the UK ICO published two notices of intent to impose fines in July 2019 of $366 million although neither of these were finalized as at the date of this report.

Commenting on the 2020 report, Ross McKean, a partner at DLA Piper specializing in cyber and data protection, said: “GDPR has driven the issue of data breach well and truly into the open. The rate of breach notification has increased by over 12 percent compared to last year’s report and regulators have been busy road-testing their new powers to sanction and fine organizations”.

Patrick Van Eecke, chair of DLA Piper’s international data protection practice, said, “The early GDPR fines raise many questions. Ask two different regulators how GDPR fines should be calculated and you will get two different answers. We are years away from having legal certainty on this crucial question, but one thing is for certain, we can expect to see many more fines and appeals over the coming years”.

This announcement originally appeared in Security Magazine.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Previous Article

Funnel raises $47 million to automate data collection for marketers

Next Article

The US needs a national privacy law for personal data, Salesforce co-CEO says

Related Posts

Subscribe to TheCustomer Report

Customer Enlightenment Delivered Daily.

    Get the latest insights, tips, and technologies to help you build and protect your customer estate.