Data breach trends from the first year of the GDPR revealed
22 October 2019
It has been more than a year since the European Union implemented the General Data Protection Regulation (GDPR). As such, the Data Protection Commission (DPC) has released an information note titled ‘Data Breach Trends from the First Year of GDPR’ that gives an overview of the statistics and trends it has observed since GDPR was enforced.
Of the 5,818 breach notifications the DPC has received since 25 May 2018, common trends include late notifications; difficulty in assessing risk ratings; failure to communicate the breach to data subjects; repeat breach notifications; and inadequate reporting.
Unauthorised disclosure was the main offender; it was behind 83% of all breaches. This can include sending an e-mail or SMS to the wrong recipient or making a processing error. Cyber incidents accounted for 7% of all offences.
It also found that more breaches occurred in the private sector (65%) than in the public sector (35%). Last month, Mazars revealed that the finance sector received more GDPR fines than any other industry, followed by professional services.
Of all breach notifications, 4% were classified as non-breaches as they did not meet the criteria to be defined as personal data breaches.
Where feasible, data controllers are required to notify the appropriate authorities within 72 hours of becoming aware of a breach. However, 13% of all breach notifications received did not comply with this.
Those caught breaching GDPR could be fined up to €20 million, or 4% of an organisation’s worldwide annual turnover for the previous financial year – whichever is higher.
Last month, Mazars revealed that since GDPR was implemented, 20 European countries have doled out fines. Ireland and seven other countries were yet to administer any.
However, this may not be the case for long. According to data protection commissioner Helen Dixon, several multinational Dublin-based tech giants including Facebook, Twitter and Apple are being investigated for potential data breaches. Investigations into Facebook’s WhatsApp and Twitter are currently in the decision-making phase and Dixon is expected to reveal her decision by the end of the year.