In the first year after the General Data Protection Regulation (GDPR) came into force in May 2018, authorities received about 247 breach notifications per day. Since then, the average has risen to 278 notifications a day.
Over 160,000 data-breach notifications have been made to authorities in the 18 months since Europe’s new digital privacy regulation came into force and now the number of breaches and other security incidents being reported is on the rise.
The total cost of GDPR-related fines paid so far is €114m ($126m/£97m). The largest single fine, €50m, was imposed on Google by the French authorities.
The UK Information Commissioner’s Office has issued two larger fines relating to data-protection infringements, but neither of the organizations involved has yet come to a final agreement over the payments. Following what was described as an “extensive investigation”, the ICO concluded that information was compromised by “poor security arrangements” at British Airways. At the time, the airline made it clear it wasn’t happy with the fine, stating it was “surprised and disappointed”.
Hackers breached Starwood Hotels in 2014; the hotel chain was subsequently purchased by Marriott in 2016, but the breach wasn’t discovered and patched until 2018. A statement from Marriott at the time of the penalty notice said the company was “deeply disappointed” by the proposed fine. Both Marriott and British Airways are appealing their fines.
Under GDPR, organizations can be fined up to four per cent of their annual turnover if they’ve been found to be irresponsible with security following a data breach.
Current analysis suggests that only 35% of businesses are fully GDPR compliant. The maximum fine under the GDPR is up to 4% of annual global turnover or €20 million, whichever is greater, for organizations that infringe its requirements.
Source: Cyber Security Intelligence