Why are data breach notifications increasing in the EU?
A report by Linklaters shows a considerable increase in data breach notifications across European markets compared with the first year after the implementation of the EU General Data Protection Regulation ('GDPR'), a period that ran from 25 May 2018 to 24 May 2019.
Notifications have increased in most European countries. A significant figure comes from the United Kingdom, where data breach notifications fell by 17% to a total of 11,499. In France, on the other hand, the number of notifications has doubled, up 97% on the first year since the implementation of the GDPR.
In Spain, 1,608 notifications have been reported in the last year, representing a 58% increase over the first year of the GDPR. Poland is also one of the countries with the highest number of notifications, reaching 6,039 in 2019.
According to the Linklaters report, there are several factors that could explain the decline in notifications in the United Kingdom:
• Organisations over-reporting following the initial implementation of the GDPR;
• The UK DPA (the ICO) issued a warning on the over-reporting of data breaches; and
• The UK had particularly high breach notifications compared to other countries in Y1 of the GDPR.
Most breach notifications are caused by the violation of confidentiality by unauthorized third parties. The acts that make up these breaches are as follows:
• External malicious acts, for example, hacking or scams;
• Sending e-mails/documents to incorrect recipients;
• Loss or theft of unsecured devices, such as mobile phones and laptops; and
• Inadequate security measures for data available over the Internet, for example, improperly secured databases.
“The harmonisation of data protection rules across the EU has been largely successful under the GDPR; however, there are still significant differences among Member States – impacting uniformity of enforcement across the EU. Only harmonising the approach towards the determination of sanctions will not be sufficient, the interpretation of the rules should also be common to all Member States. Businesses need certainty and a more unified approach across the EU”, said Tanguy Van Overstraeten, Partner and Global Head of Linklaters’ Privacy and Data Protection Practice.
“There is also a danger of GDPR fatigue amongst businesses and the Covid-19 crisis is impacting budgets which could limit resources to ensure compliance going forward. The further simplification and harmonisation of data protection rules across the EU will be key to ensure companies can sustain this effort”.