British companies have fallen victim to more than 10,000 data breaches since GDPR came into force last May, according to a new survey.
The law firm, DLA Piper, found that Britain reported the third highest number of breaches, trailing only the Netherlands (15,400) and Germany (12,600).
DLA’s researchers noted that the Netherlands also had the highest number of breaches per capita, with 89.8 breaches reported per 100,000 people. The UK’s per capita score was 10th and Germany’s 11th.
“GDPR is driving personal data breaches out into the open,” said DLA’s Ross McKean. “Our report confirms this with more than 59,000 data breaches notified across Europe in the first 8 months since the GDPR came into force.”
The legislation ushered in huge financial penalties and a new global standard for data protection. Organisations which fail to comply with the new rules are liable to fines of up to 4 per cent of their annual global turnover.
“The GDPR completely changes the compliance risk for organizations which suffer a personal data breach due to revenue based fines and the potential for US style group litigation claims for compensation,” McKean added.
So far, 91 fines have been issued under the new data protection regime. The largest to date went to Google, which was fined €50 million (£44m) last month for failing to acquire users’ consent for advertising.
Sam Millar, a partner at DLA Piper, said he expects “regulators will treat data breach more harshly by imposing higher fines given the more acute risk of harm to individuals. We can expect more fines to follow over the coming year as the regulators clear the backlog of notifications.”
The Information Commissioner’s Office recorded a sharp rise in data protection complaints in the immediate aftermath of the GDPR deadline. In the five subsequent week, the data protection watchdog recorded 6,281 complaints, more than twice as many as were reported over the same period last year.
British Airways suffered one of the most high profile breaches to have come to light since. As many as 244,000 payments cards may have been compromised during the breach, which took place between mid-April and late-June last year.