A report published recently by DLA Piper looks at the impact of GDPR, 18 months on from coming into force across the EU. So far 160 000 breaches have been reported, including:
- 40 000 in the Netherlands;
- 37 000 in Germany; and
- 22 000 in the UK.
The report states that the fines imposed to date total about £100m, with the largest penalty so far being the €50m fine imposed on Google by the French authorities. However, the UK Information Commissioner’s Office has already announced its intention to fine BA £183m and Marriott Hotels £99m, so these figures are clearly going to rise in the years to come. Moreover, fines may be only a small fraction of the total cost of a data breach to a company: the IBM/Ponemon Institute 2018 Cost of Data Breach Survey found that the largest component of the average $3.86m cost of a data breach was lost business ($1.45m).
Meanwhile, Doorstep Dispensaree Ltd, a London pharmacy, became the first UK company to be issued with a fine under the General Data Protection Regulation rules in December. The company was fined £275 000 for its “cavalier attitude to data protection” in regard to the disposal of records about vulnerable care home residents. According to reports, approximately 500 000 documents, which included patient names, dates of birth, NHS numbers, medical information and prescriptions, were left at the back of the premises.
Visit the Information Security section of our website to see how we can help you to meet your obligations under GDPR.