'Great variation' in GDPR breaches 

Over 59,000 data breach notifications have been reported across the European Economic Area by public and private organisations since the GDPR came into force on 25th May 2018, according to law firm DLA Piper's GDPR Data Breach survey. 

The Netherlands, Germany and the UK topped the table in the report with approximately 15,400, 12,600, and 10,600 reported breaches respectively. The lowest numbers of reported breaches were made in Liechtenstein, Iceland and Cyprus with 15, 25 and 35 reported breaches respectively.

The Netherlands, with 89.8 reported breaches per 100,000 people topped the list when the number of notifications were weighted against country populations, followed by Ireland and Denmark. 

Of the 26 EEA countries where breach notification data is available, the UK, Germany and France ranked tenth, eleventh and twenty-first respectively on a reported fine per capita basis. Greece, Italy and Romania reported the fewest number of breaches per capita.

Robert Baugh, head of GDPR compliance software firm Keepabl, said: "There is a great variation in the number of notified personal data breaches within the EEA, country by country. Keepabl created the BPM Index to explore this and we've included official breach data from 25 national authorities in the EEA."

"We're at the early stage of GDPR implementation so this variation is to be expected but it does make it harder for organisations to plan for and deliver compliance," he added. "Far greater simplification and harmonisation of guidance is needed to see these numbers normalise."

Share this story