More than 160,000 data breach notifications were submitted to the authorities in the 18 months following the entry into force of the new EU privacy rules. The number of reported breaches and other security incidents is also on the rise.
A study by the law firm DLA Piper has shown that in the first 8 months after the entry into force of the GDPR on 25 May 2018, there was an average of 247 breach notifications per day. Since then, this figure has risen to an average of 278 notifications per day.
“The GDPR has helped to draw attention to the issue of data breaches. The violation reporting rate has increased by more than 12% over last year’s report and regulators have been busy testing their new powers to sanction and fine organizations,” said Ross McKean, partner of DLA Piper.
The data breach study also concluded that the total cost of GDPR-related fines paid to date amounts to €114 million. The highest fine paid to date is the €50 million fine imposed by the CNIL on Google for breaches relating to transparency and consent.
As a reminder, under the GDPR, offending organizations can be fined up to four percent of their annual turnover if they are grossly negligent with regard to the security of personal data. Despite this, it is estimated that just under 35% of organizations are compliant with the GDPR.
“The total fines of €114 million imposed to date are relatively small compared to the maximum potential fines that can be imposed under GDPR, indicating that we are still in the early days of implementation,” said McKean.
As a result, we can expect to see an increase in the number of fines in the coming year as regulators intensify their enforcement activities.