Author Topic: 59K Data Breaches Reported, 91 Fines Imposed Since GDPR Enactment

javajolt

More than 59,000 data breach notifications have been reported to Data Protection Authorities (DPAs) across Europe by both public and privately-owned organizations since EU's GDPR was passed on May 25, 2018.

GDPR is a user and data privacy regulation which came into effect in the European Union on May 25, addressing data protection of EU residents and the export of personal data outside the EU and EEA areas.

The Netherlands, Germany and the UK lead the rankings with roughly 15,400, 12,600, and 10,600 reported breaches respectively, as detailed in a report published by the DLA Piper global law firm, while companies from Liechtenstein, Iceland, and Cyprus reported 5, 25 and 35 breaches respectively.

While a European Commission Statement issued on January 25 stated that companies reported 41,502 data breaches since the GDPR enactment, these results were "based only on the voluntary contributions of 21 (out of 28 EU Member States) data protection regulators," says DLA Piper.

Based on the law firm's "research covering 23 of the 28 EU Member States, together with figures for Norway, Iceland and Liechtenstein (the three additional European Economic Area Member States), we calculate that there have been 59,430 reported data breaches over the same period across Europe."

Google slapped with record €50 million fine

According to the report, 91 fines have been imposed until now under the rules of the GDPR across the EU, but it is worth mentioning that not all of them are related to breaches of personal data.

Out of the ones that aren't connected to personal data breaches, Google's €50 million fine was the highest GDPR penalty ever and it was issued by the French Commission Nationale de l’informatique et des Libertés (CNIL) on January 21 for not obtaining user consent for processing data for ads personalization purposes and for violating transparency and information obligations.

While there are no other fines on the same level as the one Google was slapped with recently, the DLA Piper report says that DPAs all over the EU were quite busy with:

• a €20,000 fine imposed on a company for failing to hash employee passwords, resulting in a security breach.

• an €80,000 fine in January 2019 for publishing health data on the internet.

• a €4,800 fine issued in Austria for the operation of an unlawful CCTV system which was deemed excessive for its partial surveillance of a public sidewalk.

• Cyprus also reported four fines, with a total value of €11,500.

• Malta reported a total of 17 fines, a surprisingly large number given the relatively small size of the country.

While not all data breach notifications and user complaints end up with a fine, the fact that the GDPR has led to big tech companies being held responsible for their lack of interest in protecting the personal data and privacy of EU citizens is definitely the result EU residents were hoping for.

Multiple tech companies under investigation

Google-owned YouTube is currently the target of a GDPR complaint filed by the NOYB NGO for "right to access" violations under GDPR's Article 15, with a possible maximum penalty that could reach €3.87 billion, while Apple, Amazon, Netflix, Spotify, SoundCloud, Flimmit, and DAZN are also being targeted by GDPR complaints for the same reasons.

Previously, during November 2018, Acxiom, Oracle, Criteo, Quantcast, Tapad, Equifax, and Experian were also subjects of a GDPR complaint filed by Privacy International for illegally collecting the data of millions to create user profiles.

It's also important to mention that the GDPR has also overhauled data security after being passed, since companies which closely conform to its provisions experience benefits such as lower frequency and effect of data breaches, fewer records being impacted by the attacks, as well as shorter downtimes, and lower overall costs, as reported by Cisco in its Data Privacy Benchmark Study.
