UK Amongst Top Three GDPR Offenders

The UK is among the worst offenders with regard to data breaches under the GDPR legislation.

Research conducted by Precise Security revealed that the Netherlands, Germany and the UK are the top three worst offending countries in the EU, totalling more than 100,000 reported cases. What is perhaps more unsettling is that this figure is higher than the number of cases reported in all of the other EU member states combined.

According to the research, the ten countries with the highest number of GDPR data breaches are:

  • The Netherlands – 40,600
  • Germany – 37,600
  • The UK – 22,100
  • Ireland – 10,500
  • Denmark – 9,800
  • Poland – 7,400
  • Sweden – 7,300
  • Finland – 6,300
  • France – 3,400
  • Norway – 2,800

Since the GDPR's introduction in May 2018, more than 160,000 data breaches are said to have been reported in the EU (according to the DLA Piper GDPR Data Breach Survey 2020).

None of these numbers are insignificant. In fact, they go to show just how valuable personal data is to those who wish to acquire it for malicious reasons.

However, not all of the data breaches were the work of cyber criminals; some have occurred accidentally as organisations are still coming to terms with what it means to be GDPR compliant.

Some of these ‘human error’ breaches resulted in the Home Office admitting 100 data breaches in five months pertaining to the EU Settlement Scheme.

However, regulators are beginning to come down hard on organisations that breach GDPR rules by issuing large fines in a bid to encourage others to tighten their data protection belts.

The DLA Piper GDPR Breaches Survey 2020 also revealed that between November 2019 and January 2020, GDPR-related penalties amounted to €48 million. The total amount of penalties issued to date for GDPR breaches since May 2018 is said to be in the region of €450 million.

Although the UK is one of the top three offenders for reported instances, regulators are doing their utmost to help control data breaches. Fines issued by the Information Commissioner's Office (ICO) totalled €314.9 million (almost 70%).

The ICO is set to hold the record for the highest intended fine given to an organisation, with British Airways set to receive a €204 million fine. This is followed by Marriott International, which is set to receive a €110 million fine. Both organisations are still appealing against these fines.

To date, the most expensive GDPR fine was handed to Google by the French equivalent of the ICO, the CNIL. It fined the search engine giant €50 million following a data breach.

Are you shocked to see the UK rated so highly compared to other EU states? Are people more likely to report a data breach in the UK compared to other countries?
