Over 160,000 data breach notifications have been made to authorities in the 18 months since Europe's new digital privacy regulations came into force, and the number of breaches and other security incidents being reported is on the rise.
Analysis by law firm DLA Piper found that after the General Data Protection Regulation[1] (GDPR) came into force on 25 May 2018, the first eight months saw an average of 247 breach notifications per day. In the time since, that has risen to an average of 278 notifications a day.
"GDPR has driven the issue of data breach well and truly into the open. The rate of breach notification has increased by over 12 per cent compared to last year's report and regulators have been busy road-testing their new powers to sanction and fine organisations," said Ross McKean, partner at DLA Piper specialising in cyber and data protection.
The GDPR Data Breach Survey also calculates the total cost of GDPR-related fines paid so far to be €114m ($126m/£97m). The largest fine paid so far was one of €50m issued by the French data protection authority, CNIL, to Google[2] over infringements around transparency and consent.
The UK Information Commissioner's Office has issued two larger fines relating to data protection infringements, but currently neither of the organisations involved has come to a final agreement over the payments.
In July last year, British Airways was issued with a £183m[5] ($238m/€213m) fine[6] following cyberattacks against its systems which resulted in personal details of around 500,000 customers being stolen by hackers[7].
Following what was described as an "extensive investigation", the ICO concluded