GDPR Data Breach Notifications & Fines Are Increasing

In the first year after the General Data Protection Regulation (GDPR) came into force in May 2018, there were about 247 breach notifications per day. In the time since, that has risen to an average of 278 notifications a day.

Over 160,000 data-breach notifications have been made to authorities in the 18 months since Europe's new digital privacy regulation came into force, and the number of breaches and other security incidents being reported is now on the rise.

The total cost of GDPR-related fines paid so far is €114m ($126m/£97m). The largest fine, €50m, was imposed on Google by the French authorities.

The UK Information Commissioner's Office has issued two larger fines relating to data-protection infringements, but currently neither of the organisations involved has come to a final agreement over the payments. Following what was described as an "extensive investigation", the ICO concluded that information was compromised by "poor security arrangements" at British Airways. At the time, the airline made it clear it wasn't happy with the fine, stating it was "surprised and disappointed".

Hackers breached Starwood Hotels in 2014; that hotel chain was subsequently purchased by Marriott in 2016, but the breach wasn't discovered and patched until 2018. A statement from Marriott at the time of the penalty notice said the company was "deeply disappointed" by the proposed fine. Both Marriott and British Airways are appealing their fines.

Under GDPR, organisations can be fined up to four per cent of their annual turnover if they've been found to be irresponsible with security following a data breach.

The current analysis suggests that only 35% of businesses are fully GDPR compliant. The maximum fine under the GDPR is up to 4% of annual global turnover or €20 million, whichever is greater, for organisations that infringe its requirements.

Information Commissioner UK, ZDNet, ITGovernance
