GDPR Data Breach Notifcations & Fines Are Increasing

Since the General Data Protection Regulation (GDPR) came into force in May 2018, the first year had about 247 breach notifications per day. In the time since, that has risen to an average of 278 notifications a day. 

Over 160,000 data-breach notifications have been made to authorities in the 18 months since Europe's new digital privacy regulation came into force and now the number of breaches and other security incidents being reported is on the rise.

The total cost of GDPR-related fines paid so far to be €114m Euro ($126m/£97m) and Google was penalised the largest fine, imposed by the French authorities, which was €50m Euros.

The UK Information Commissioner's Office has issued two larger fines relating to data-protection infringements, but currently neither of the organisations involved have come to a final agreement over the payments. Following what was described as an "extensive investigation", the ICO concluded that information was compromised by "poor security arrangements" at British Airways. At the time, the airline made it clear it wasn't happy with the fine, stating it was "surprised and disappointed".

Hackers breached Starwood Hotels in 2014; that hotel chain was subsequently purchased by Marriott in 2016, but the breach wasn't discovered and patched until 2018. A statement from Marriott at the time of the penalty notice said the company was "deeply disappointed" by the proposed fine and both Marriott and British Airways are appealing their fines.

Under GDPR, organisations can be fined up to four per cent of their annual turnover if they've been found to be irresponsible with security following a data breach.

The current analysis suggests that only 35% of Business are fully GDPR compliant. The maximum fine under the GDPR is up to 4% of annual global turnover or €20 million, whichever is greater, for organisations that infringe its requirements. 

Information Commisioner UK:          ZDNet:       ITGovernance:

You Might Also Read:

Few Businesses Are Ready For California’s New Consumer Data Privacy Law:

 

 

« Travelex Slowly Recovering From Ransomware Attack
Greece And Turkey In Conflict »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Versasec

Versasec

Versasec is a leader in identity and access management, providing customers with security solutions for managing digital identities.

F-Secure

F-Secure

F-Secure defends enterprises and consumers against everything from opportunistic ransomware infections to advanced cyber attacks.

Gigasoft

Gigasoft

Gigasoft provide secure online data backup & cloud backup services for the education sector and businesses.

Black Duck Software

Black Duck Software

Black Duck Hub allows organizations to manage open source code security as well as license compliance risks.

Computer Forensic Services

Computer Forensic Services

Computer Forensic Services are digital evidence specialists. Practice areas include Information Security, e-Discovery, Law Enforcement Support and Litigation.

Digital Arts

Digital Arts

Digital Arts provides internet security software and appliance products for companies and individuals.

Metrarc

Metrarc

Metrarc has developed a ground-breaking technology called ICMetrics™ for deriving secure encryption keys from the properties of digital systems without the need to store any of the encryption keys.

Cyber Security Education

Cyber Security Education

CybersecurityEducation.org is an online directory of cyber security education and careers.

Cowbell Cyber

Cowbell Cyber

Cowbell Cyber™ offers continuous risk assessment, comprehensive cyber liability coverage, and continuous underwriting through an AI-powered platform.

BridgingMinds Network

BridgingMinds Network

BridgingMinds Network is an industry leading best practices and IT security training provider in Singapore.

Auvik Networks

Auvik Networks

Auvik is easy-to-use cloud-based networking management and monitoring software - true network visibility and control without the hassle.

SK Shieldus

SK Shieldus

SK shieldus are a converged security provider with business capabilities in both cybersecurity and physical security based on Big-Tech.

Technivorus Technology

Technivorus Technology

Technivorus is a deep-tech firm delivering customized Cybersecurity, Digital Marketing, Web & App Development, and multifarious IT services for businesses across the globe.

Eleos Labs

Eleos Labs

Eleos Labs' suite of security tools prevent Web3 cyber attacks, reduce economic risks, and protect digital assets.

Pistachio

Pistachio

Pistachio is the new evolution of cybersecurity awareness training and attack simulations.

ZoobeTek

ZoobeTek

ZoobeTek are a company focused on preventing leaks related to the security of business information3.