On 25 May 2018 new data breach notification laws came into force across Europe, fundamentally changing the risk profile for organizations suffering a personal data breach.
DLA Piper has compiled a report which takes a closer look at the number of data breaches notified to regulators since the GDPR came into force, how the number of notifications compares among EEA member states, as well as country rankings based on notifications per capita. The report also considers the first fines issued for the period from 25 May 2018 to International Data Protection Day on 28 January 2019.
In the 8 months since the GDPR began to apply, approximately 59,000 personal data breaches have been notified to regulators. It is still early days for GDPR enforcement: only a handful of fines have been reported across the EU, the largest being the recent €50 million fine imposed on Google.
It is clear from the data that many organizations have heeded the new breach notification rules and are well aware of the high sanctions possible for failing to notify. We anticipate that 2019 will see an increase in both the number and the size of fines.