The EU’s GDPR regulation and its attached fines appears to be encouraging data breach reports with almost 60,000 such reports being filed since the privacy law went into effect in May, but the number of fines imposed lag far behind.
A report by DLA Piper found 59,000 data breaches have been reported to regulators throughout the EU and all of these breaches are not equal as they range from simple emails being sent to the wrong party to major hacks impacting millions.
However, only 91 fines have been issued so far and not all of them are related to data breaches. Google was fined about $57 million by the French data protection authority - the CNIL - for processing of personal data for advertising purposes without valid authorization.
“Regulators are stretched and have a large backlog of notified breaches in their inboxes. Inevitably the larger headline-grabbing breaches have taken priority when allocating resources, so many organizations are still waiting to hear from regulators whether any action will be taken against them in relation to the breaches they have notified,” the report stated.
Three countries comprised the bulk of the reports. The Netherlands, Germany and U.K., respectively, had 15,400, 12,600 and 10,600 breach reports filed. Ireland and Denmark were placed a distant fourth and fifth with 3,800 and 3,100 reports each. When looked at on a per capital basis The Netherlands, Ireland and Denmark were the main offenders.
“The weighted rankings are also revealing. In particular, Italy has so far had very few breach notifications relative to its large population which illustrates that notification practice and culture varies significantly among member states. It is important to note that this report focuses on reported data breaches only,” the report said.
Italy was second only to Greece in reporting the fewest breaches on a per capita basis and the report noted it only took into consideration the number of breaches actually reported by each nation.