1st March 2019
A recent survey by DLA Piper has found that there have been over 59,000 data breach notifications across the European Economic Area since GDPR came into force on the 25th May 2018.
The Netherlands, Germany and the UK were found to be the worst offenders in the report with approximately 15,400, 12,600 and 10,600 reported breaches respectively. On the other side of the scale were Liechtenstein, Iceland and Cyprus, which had the fewest breaches with around 15, 25 and 35 breaches respectively.
When the breaches were weighed against country population, it was a similar story for the Netherlands, which still had the most breaches per capita, followed by Ireland and Denmark. The UK ranked tenth in the list. Greece, Italy, and Romania reported the fewest breaches per capita.
Sanctions for failing to comply with the GDPR requirements include fines of up to 10 million euros or up to 2 percent of the total worldwide annual turnover, whichever is higher. To date, 91 fines have been imposed. The survey also reported that the highest GDPR fine imposed to date is 50 million euros against Google in relation to the processing of personal data.
It is still early days in terms of GDPR, and so far, we have only seen a few larger fines. However, regulators have a large backlog of notified breaches in their inboxes, so many companies are still waiting to hear back about whether they will be actioned. In 2019 we should expect to see bigger fines being given out as they get through the backlog. Regulators are not known to shy away from imposing hefty fines and will continue to do so in order to ensure GDPR is still being enforced by companies around the EU.
If you are reading this from a non-European country you are probably thinking ‘well this doesn’t affect me’, but you could be wrong. Any company that has dealings with EU businesses or has any employees in Europe needs to comply with GDPR. This can be complicated when you don’t have a GDPR expert in your company. Using an outsourced payroll provider for these particular employees will help ensure you are getting it right and your company doesn’t suffer at the hands of GDPR fines.