
Digital Guardian's Blog

Post-GDPR, 160,000 Data Breaches and Counting

by Chris Brook on Tuesday January 21, 2020


A new report that aggregates post-GDPR data breach statistics in Europe suggests new, higher fines are to come in 2020.

If the number of breaches reported since the onset of the General Data Protection Regulation portends anything, we’ll no doubt see a number of high-figure GDPR fines coming down the pipeline in 2020.

Since May 25, 2018 – the date the GDPR went into effect – there have been over 160,000 data breach notifications. 160,921 to be specific. That number, for what it's worth, has translated to 144 million euros or $126 million in fines under GDPR, according to DLA Piper, an international law firm that's been keeping track of the number of data breaches reported to EU regulators.

As part of its annual Data Breach Report (.PDF) the law firm looks at personal data breaches reported to data protection authorities throughout the European Economic Area, or EEA.

Given the proliferation of stories about data breaches in the headlines, perhaps it’s not a huge surprise that the number is more than double the figure (60,000) DLA Piper reported last year at this time. While this year's report covers a full year of GDPR and its procedures being implemented (2019's only included 8 months of the GDPR), the numbers still correlate with a 12 percent increase in the breach notification rate.

Like last year, the Netherlands experienced the most breaches per capita, 147.2, with Ireland, Denmark, and Iceland not far behind. When looking at the sheer number of breaches overall, the Netherlands still took the cake, followed by Germany and the UK.

The report, like many articles about GDPR of late, makes a point of highlighting just how few fines there have been so far. Aside from large fines imposed on British Airways and Marriott, which obviously commanded headlines when they were handed down, the money figure isn’t as high as one would expect, especially given that the maximum fine against a company could be four percent of its annual turnover.

The law firm posits this will change in 2020, especially as supervisory groups and data protection authorities, like the UK’s Information Commissioner's Office, continue to reinforce their staff.

“It would be unwise to assume that low and infrequent fines will be the norm going forward,” the report reads, “Supervisory authorities across Europe have been staffing up their enforcement teams and getting to grips with the new regime. It takes time to build a robust case to justify higher fines. We expect to see more multi million Euro fines in the coming year.”

Statistics around the report’s total value of GDPR fines are, as expected, skewed by the mammoth 50 million euro fine that France's data protection regulator, CNIL, levied against Google last January. Also absent from the report are the British Airways and Marriott fines, as technically they were notices of intent to fine and not finalized when DLA Piper was drafting the report.

While the report acknowledges it could be some time until there’s a formal, legal certainty around how GDPR fines should be calculated, it makes a point to drive home that one thing is certain: There will be more of them.

Tags: GDPR


Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.