
Report: Over 59,000 GDPR data breach notifications, but only 91 fines

by ethhack

Since the European Union’s General Data Protection Regulation (GDPR) came into effect in May last year, EU organizations have reported almost 60,000 data breaches, but so far fewer than 100 fines have been issued by regulators.

According to a new report by multinational law firm DLA Piper, the European Commission’s official statistics show 41,502 data breach notifications between May 25, 2018, and January 28, 2019 (Data Protection Day). However, this only covered 21 of the 28 EU member states and did not include countries like Norway, Iceland and Liechtenstein, which aren’t EU members but are part of the European Economic Area (EEA) and are subject to the same regulation.

DLA Piper’s own analysis has counted 59,430 disclosed data breaches across Europe over the same period, with the Netherlands, Germany and the UK leading by far in the number of reports. Together, these countries are responsible for nearly two-thirds of data breach notifications, with 15,400, 12,600 and 10,600 disclosures, respectively.

GDPR requires organizations to report the exposure of personal data to national data protection regulators and to the affected individuals within 72 hours after they become aware of such breaches. It also mandates strict security measures for protecting data and fines for violations that can go up to €10 million or 2 percent of the global annual turnover.

GDPR fines

During the analyzed time period, regulators have imposed 91 fines for GDPR violations, but not all of them were related to exposure of personal data, according to DLA Piper’s report. For example, the highest one was a recent €50 million fine imposed by the French data protection authority (CNIL) on Google for processing personal data for advertising purposes without obtaining the permission required under GDPR.

In Germany, the regulators imposed a €20,000 fine on a company for failing to protect employee passwords with cryptographic hashes, while in Austria a €4,800 fine was issued for operating an unauthorized CCTV system that partially surveilled a public sidewalk.
