66% increase in GDPR data breach notifications across European markets

GDPR: Will Your Company Be Fine or Fined?

June 29, 2020

According to a Linklaters analysis, there has been a major increase of data breach notifications to data protection authorities, with an average increase in notifications of 66 percent compared to Year 1 of the EU General Data Protection Regulation (‘GDPR’).

However, the UK has bucked the trend, reporting a decrease. The analysis covered seven European countries, including Belgium, France, Germany (Free State of Bavaria), Italy, Poland, Spain and the UK, within a one-year period (May 15, 2018 to May 24, 2019).

In the UK, the number of data breach notifications has dropped by 17 percent to 11,499, whereas, numbers almost doubled in France, with a 97 percent increase to 2,287, and also soared in Spain, reporting 1,608 notifications, representing a 58 percent increase compared to Y1. The increase in both France and Spain can be explained because companies are more aware of their obligations and many of them were still undergoing their compliance programs during Y1, says Linklaters.

Following that trend, Poland has reported a relatively high number of notifications in comparison to other EU countries with 6,039 data breach notifications in 2019. This is likely to be due to the relatively low threshold set by the local data protection authority (DPA), consequently, most companies adopt a safe approach and prefer to notify even non-material data breaches.

Factors contributing to the UK’s decrease in data breach notifications include:

Organizations over-reporting following the initial implementation of the GDPR;
The UK DPA (the ICO) issued a warning on the over-reporting of data breaches; and
The UK had particularly high breach notifications compared to other countries in Y1 of the GDPR.

According to the Linklaters analysis, the majority of breach notifications stemmed from breach of confidentiality/access by unauthorized third parties and the main categories of data subjects concerned were clients and employees. The key sources of breaches ranged from:

External malicious acts, for example, hacking or scam;
Sending e-mails/documents to incorrect recipients;
Loss or theft of unsecured devices, such as, mobile phones and laptops; and
Inadequate security measures of data available over the Internet, for example, unproperly secured databases.

Another trend has also been analysed by Linklaters, the number of fines that have been published so far under the GDPR in the last year, with only one fine reported in the UK while 112 fines have been ordered by the Spanish DPA, 10 by the Italian DPA, 9 by the Belgian DPA, 6 by the CNIL in France, 13 in Germany and 5 in Poland. However, the UK ICO has EUR 314,000,000 worth of proposed fines in its pipeline.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

66% increase in GDPR data breach notifications across European markets

Related Articles

Related Events

Report Abusive Comment