European companies experienced thousands of data breaches since data protection laws were brought in last year, according to a survey conducted by a law firm DLA Piper. In its survey dubbed GDPR Data Breach survey, DLA Piper stated that over 59,000 data breaches have been reported across the European Economic Area (EEA) by the public and private organizations since the General Data Protection Regulation (GDPR) came into effect on May 25, 2018.
Of the 26 EEA countries, Netherlands topped the list with 15,400 data breach notifications followed by Germany and the United Kingdom with 12,600 and 10,600 reported breaches, respectively. Whereas the lowest number of reported breaches were made in Liechtenstein, Iceland, and Cyprus with 15, 25 and 35 breaches respectively, the survey revealed.
Till date, around 91 fines have been reported which are related to personal data breaches and GDPR infringements, according to the survey. The highest GDPR fine imposed to date is €50 million (around $57 million), which was made against the search engine giant Google on January 21, 2019, by the French data regulator CNIL (National Data Protection Commission) for violating the General Data Protection Regulation (GDPR) law. The data protection watchdog stated it had levied the fine for Google’s lack of transparency and valid agreement regarding ads personalization. The regulator also said that Google didn’t sufficiently inform the people about how it collected users’ data to personalize ads.
“The GDPR completely changes the compliance risk for organizations which suffer a personal data breach due to revenue-based fines and the potential for U.S. style group litigation claims for compensation. As we saw in the U.S. when mandatory breach notification laws came into force, backed up by tough sanctions for not notifying, the GDPR is driving personal data breach out into the open. Our report confirms this with more than 59,000 data breaches notified across Europe in the first 8 months since the GDPR came into force,” said Ross McKean, a partner at DLA Piper.
Recently, The European Commission (EC) stated that data protection regulators in Europe have received more than 95,000 complaints about potential data breaches, after the implementation of the General Data Protection Regulation (GDPR). The commission also said that most of the complaints are focused on telemarketing, promotional emails, and video surveillance.