Earlier today, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) issued a press release stating that it received 20,881 notifications of data breaches in 2018. In comparison to 2017, the amount of data breach notifications has (more than) doubled. The largest amount of notifications were made in the following sectors:

  • Healthcare (29%);
  • Public administration (26%);
  • Financial services (17%).

Further interesting figures concern the types of data breaches reported: more than two third of the reported data breaches relate to personal data sent to the wrong recipient (63%). The remaining 37% of the notifications concern lost personal data, such as through lost or stolen laptops, USB sticks, hacking, phishing or malware. In most of the notifications the following personal data was ‘breached’: name and address, gender, health data and national identification number.

With respect to enforcement measures, the Dutch DPA mentioned that since 25 May 2018, it has taken action against 298 organizations that reported a data breach. In general, these actions led to a warning and termination of the violation. As the number of notification exceeded the previously estimated number considerably, the Dutch DPA will be expanding its capacity to take more action, which can lead to more enforcement measures.

Therefore, as always, organizations should remain vigilant and further invest in having the required mechanisms in place to effectively respond to data breaches and raise (more) awareness throughout the organization.