Netherlands has Recorded Most Breach Reports since GDPR became Enforceable

The Dutch Data Protection Authority (DDPA) has recorded the highest number of General Data Protection Regulation (GDPR) breach notifications according to a report published by law firm DLA Piper.

DLA Piper has revealed that the Dutch regulators have been made aware of potential GDOR breaches since the legislation became enforceable on May 25 2018. The Netherlands, Germany and the UK are next when it come to the amount of notifications, with 15,400, 12,600 and 10,600 respectively.

Ross McKean, a partner at DLA Piper said: “GDPR has driven the issue of data breach well and truly into the open. The rate of breach notification has increased by over 12% compared to last year’s report and regulators have been busy road-testing their new powers to sanction and fine organisations.”

The extent of these breaches vary massively, a mistakenly sent email or a cybersecurity hacking incident. However, the number does represent a major change, data breaches are now being taken seriously, or at least in some EU Member States they are.

The Dutch figures overall grew from 89.8 reports per 100,000 Dutch residents during the initial eight months after GDPR became active on May 25 2018.force (May-December 2018).

The DLA Piper GDPR Data Breach Survey (PDF) also pointed out that Ireland and Denmark reported the second and third highest number of breach notifications per capita, with 132.5 and 115.4 notifications per 100,000 residents, respectively. The lowest data breach notification numbers were found in Greece (1.5 per 100,000), Romania (1.9), Italy (2.05), and Spain (2.08). Cumulatively, Germany (37,636) and the UK (22,181) recorded the second and third highest numbers of breach alerts.

In total, the report showed that over 160,000 data breach notifications have been registered across Europe since GDPR became enforceable.

The daily rate grew 12.6% from 247 breach alerts daily for the initial eight months of GDPR to 278 notifications for the next year.

France, even though it ranks just 23 for numbers of per-capita breach notifications, has sanctioned the most in total GDPR penalties for non-compliance, handing out €51m ($56.5m), followed by Germany (€24.5m, or $27.2m) and Austria (€18m or $20m).