Over 59,000 data breaches reported in Europe since GDPR

More than 59,000 data breaches have been reported across Europe in the eight months since the introduction of the General Data Protection Regulation (GDPR), a study has revealed.

The survey, conducted by multinational law firm DLA Piper, looked at breach reports from 23 of the 28 European Union’s (EU) member states between 25 May 2018 and 28 January 2019.

The Netherlands reported the highest number of incidents at 15,400, followed by Germany at 12,600 and the UK at 10,600. The countries with the fewest consisted of Cyprus at 35, Iceland at 25 and Liechtenstein at 15.

Infosecurity Magazine reported that the notifications ranged from the minor, which included emails accidentally being sent to the wrong recipient, to major attacks affecting millions of people.

“It is still very early days for GDPR enforcement with only a handful of fines reported across the EU," said the study. “However, we anticipate that 2019 will see more fines for tens and potentially even hundreds of millions of Euros as regulators deal with the backlog of GDPR data breach notifications.”

According to the The Daily Swig, around 9% of the notifications included in the study related to breaches that predated GDPR, when a different set of standards were in place.

The most notable violations so far include Google, which was fined €50 million (US$56.7 million) by French regulator CNIL for violations. The tech giant is also facing possible penalties from the UK’s Information Commissioner’s Office after it was accused of “forcing” users to consent to data collection.

Emma Woollacott

Emma Woollacott is a freelance business journalist. Her work has appeared in a wide range of publications, including the Guardian, the Times, Forbes and the BBC.