GDPR – General Data Protection Regulation – came into effect on May 25, 2018, setting out new rules on how organizations can collect and handle data. Eight months on, the statistics show that 59,430 breaches have been reported since the regulation was put into place. The number of fines imposed for them is far from satisfactory.
A report by DLA Piper found that 59,000 data breaches have been reported to regulators throughout the EU. Not all of these breaches are equal: they range from simple emails being sent to the wrong party to major hacks impacting millions.
It looks like only 91 fines have been issued so far, and not all of them relate to data breaches. Google was fined about $57 million for processing personal data for advertising without valid authorization.
The report reads: “Regulators are stretched and have a large backlog of notified breaches in their inbox. Inevitably the larger headline-grabbing breaches have taken priority when allocating resources, so many organizations are still waiting to hear from regulators whether any action will be taken against them in relation to the breaches they have notified.” It is important to note that this report focuses on reported data breaches only.
When looked at on a per capita basis, the Netherlands, Ireland, and Denmark are the main offenders, comprising the bulk of the reports. Ireland and Denmark were placed fourth and fifth with 3,800 and 3,100 reports respectively. Italy has so far had very few breach notifications relative to its large population. Notification practice and culture vary significantly among member states. The weighted illustrates that Italy was second only to Greece in reporting the fewest breaches on a per capita basis, and the report noted it only took into consideration the number of breaches actually reported by each nation.