The largest infringement fine imposed since GDPR began was €50 million from regulators in France on Google, which was on the grounds of transparency infringements and a lack of consent.
France, Germany and Austria imposed the highest value of combined fines for GDPR infringement by country; France imposed fines of just over €51 million, while Germany and Austria imposed fines of €24.5 million and €18 million respectively.
In terms of reported data breaches per 100,000 people, the Netherlands topped those rankings with 147.2, which is up from 89.8 per 100,000 from last year. Following in behind was Ireland and Denmark.
Data breach costs on the rise and the financial impact will be felt for years — IBM
The study also found that the data breach notification rate increased by 12.6% across the EU, from 247 per day over the first eight months of GDPR’s tenure (May 2018-January 2019) to 278 over the current year.
Ross McKean, partner at DLA Piper, said: “GDPR has driven the issue of data breach well and truly into the open. The rate of breach notification has increased by over 12% compared to last year’s report, and regulators have been busy road-testing their new powers to sanction and fine organisations.
“The total amount of fines of €114 million imposed to date is relatively low compared to the potential maximum fines that can be imposed under GDPR, indicating that we are still in the early days of enforcement.
“We expect to see momentum build with more multi-million Euro fines being imposed over the coming year as regulators ramp up their enforcement activity.”
Reducing data breaches
It’s clear that there is still work to do regarding effectively avoiding GDPR infringement protecting customer data. But what can tech leaders do to help reduce data breaches within their company’s system?
“A great deal can be achieved in just a matter of weeks,” said Dave Klein, senior director of engineering & architecture at Guardicore. “Certainly organisations should shore up basic hygiene, including vulnerability scanning and patching, and implement strong password enforcement combined with dual factor authentication.
Tech Nation’s cyber security cohort: My1Login company profile
“There is also a need for better elevated account control/expiration procedures, better certificate management practices and control of enterprise services like DNS, Remote Access, AD, and other critical services.”
Additionally, senior director, data governance at Talend, Jean-Michel Franco, said: “Going forward, businesses need to invest in an appropriate data strategy to ensure compliance with the GDPR. This not only means having the right systems in place, but also the right teams and resources to appropriately manage the increasing volumes of data being generated.
“A change must also be made culturally, making transparency and trust central pillars within the business, ensuring that they do not take customer data for granted.
“To thrive, trust will need to play a pivotal role in the future of business. If you cannot build trust with your customers, they will likely begin to withhold their data.”