Almost 60,000 data breaches reported since May

A person on a laptop to depict hacking
(Image credit: Shutterstock)

Since the General Data Protection Regulation (GDPR) came into force over 59,000 data breaches have been reported across Europe.

Law firm DLA Piper has published its GDPR Data Breach Survey, which details the number of reported cases in the eight months since the regulations came into force.

According to the law firm, being able to hold organisations to account over breach cover-ups has resulted in a more open approach to security breaches.

Student Loans Company hit by a million cyber attacks last year General Data Protection Regulation (GDPR)

"The GDPR completely changes the compliance risk for organisations which suffer a personal data breach due to revenue based fines and the potential for US-style group litigation claims for compensation," said Ross McKean, a partner at DLA Piper specialising in cyber and data protection.

"As we saw in the US when mandatory breach notification laws came into force, backed up by tough sanctions for not notifying, the GDPR is driving personal data breach out into the open. Our report confirms this with more than 59,000 data breaches notified across Europe in the first 8 months since the GDPR came into force."

The Netherlands, Germany and the UK topped the table in the report with approximately 15,400, 12,600, and 10,600 reported breaches respectively. The lowest numbers of reported breaches were made in Liechtenstein, Iceland and Cyprus with 15, 25 and 35 reported breaches respectively.

Weighing the breach reports against the countries population still saw the Dutch come out on top, with 89.8 reported breaches per 100,000 people. In this category, Ireland and Denmark made up second and third respectively.

Of the 26 European Economic Area (EEA) countries where breach notification data is available, the UK came in tenth, Germany eleventh and the French twenty-first on a reported fine per capita basis.

According to Igor Baikalov, the chief scientist at Securonix, the way the numbers are reported is not very helpful though. He said that comparing the total number of breach notifications between Germany and Lichtenstein is "silly at best" and the only valid country-specific conclusion the survey suggests is that the Netherlands might have a problem with data breaches since it tops the chart for both total and per capita number of notifications.

However, even that conclusion might not directly indicate that the Netherlands data security is poor, but rather it reflects a less forgiving enforcement approach.

"The latter argument affects the whole baseline and more useful numbers would be the totals across EU to average out country specifics," he said. "There are no prior measurements to judge whether GDPR enforcement improved data security and by how much; the only fact the survey establishes is that GDPR works and it gives us a reference point to track its progress."

Bobby Hellard

Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.

Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.