European regulators have received reports of over 160,000 security incidents. It’s yet more proof that the GDPR laws are working.
It’s a scarily high number, but it shows the success of Europe’s General Data Protection Regulation (GDPR). In all, regulators are dealing with over 160,000 security incidents. This number comes from an analysis by DLA Piper. Essentially, this is what regulators are not only aware of, but dealing with as well. From ZDNet:
Analysis by law firm DLA Piper found that after the General Data Protection Regulation (GDPR) came into force on 25 May 2018, the first eight months saw an average of 247 breach notifications per day. In the time since, that has risen to an average of 278 notifications a day.
“GDPR has driven the issue of data breach well and truly into the open. The rate of breach notification has increased by over 12% compared to last year’s report and regulators have been busy road-testing their new powers to sanction and fine organisations,” said Ross McKean, partner at DLA Piper, specialising in cyber and data protection.
The GDPR Data Breach Survey also calculates the total cost of GDPR-related fines paid so far to be €114m ($126m/£97m). The largest fine paid so far was one of €50m issued by the French data protection authority, CNIL, to Google over infringements around transparency and consent.
The UK Information Commissioner’s Office has issued two larger fines relating to data-protection infringements, but currently neither of the organisations involved have come to a final agreement over the payments.
In July last year, British Airways was issued with a £183m ($238m/€213m) fine following cyberattacks against its systems that resulted in personal details of around 500,000 customers being stolen by hackers.
The GDPR laws came into force in June of 2018. When they came into force, reaction was divided, with some American observers calling the law over-burdensome. European digital rights activists and organizations, meanwhile, hailed the law coming into force as the moment Europe entered into a new era of respect for privacy.
Since then, the GDPR has regularly paid dividends to citizens. This is largely because it pulled the issue of data leaks and breaches out of the shadows and into the open. Before, many corporations would stay silent whenever they were hit with a data leak or breach. Generally, it is best practice to notify those affected, but corporations saw the news headlines that followed and actively chose to bury or hide such incidents from everyone except senior executives. If anyone saw their information compromised, some corporations might go to the extreme of lying about being the possible source by saying that it didn’t happen here.
Ultimately, GDPR changed all that – at least for Europeans. In February of last year, 8 months after the law came into force, regulators found themselves dealing with 59,000 security incidents. As is evidenced by this latest news, that number is continuing to climb.
Of course, GDPR isn’t just about heavy fines and compelling corporations and companies to come clean about security incidents. The laws also compel a certain degree of transparency to users. Back in December, the Open Rights Group utilized provisions in the GDPR laws to create new tools to help UK citizens learn about how political parties are tracking their movements. The resulting tools were called “Who Do You Think We Are?” They helped shed light on how political parties track and examine information about their voters and target them accordingly. This is something Western citizens can only dream of having.
With evidence continuing to roll in about the positives of GDPR, it seems that doubters of the law will find themselves increasingly in the minority. Further, this kind of overwhelming success suggests that maybe it’s time North American countries seriously consider looking into adopting similar laws. At least, one can only hope it sparks such a rational reaction.
Drew Wilson on Twitter: @icecube85 and Facebook.