Rise in data breach notifications post-GDPR

Since the GDPR (General Data Protection Regulation) came into effect on 25 May 2018, there has been a substantial rise in data breach notifications.

Although the GDPR is an EU regulation, it can still apply to organisations across Asia-Pacific.

The GDPR expands the rights of EU residents to control how their personal information is collected and processed, and places a range of new obligations on organisations to be more accountable for data privacy and protection. The Regulation affects any organisation that offers goods and services to, or monitors the behaviour of, EU residents.

You may have received a flurry of emails in the run-up to 25 May from companies that were required to contact you in order to let you know that they hold your personal data, and give you the option to receive a copy of that information.

People have become more aware of their data being at risk and know more about how to maintain their digital privacy.

First complaint received within an hour

As reported by CNN Tech, on the day the GDPR came into effect, Max Schrems’ data privacy rights organisation, NOYB (None of Your Business), filed four complaints over “forced consent” against Google Android in France, Facebook in Austria, WhatsApp in Germany and Instagram in Belgium. NOYB said that users are forced to agree to their data being collected in order to use the sites or apps.

Since then, these organisations have altered their internal rules, privacy settings and policies to handle confidential information in line with the data’s vulnerability and sensitivity.

Complaints flood in

Since the GDPR took effect, IAPP (International Association of Privacy Professionals) has reported the following numbers:

  1. UK – 1,124 complaints received within 26 days.
  2. Poland – 756 complaints received within 37 days.
  3. Ireland – 547 data breach notifications and 386 complaints received within 32 days.
  4. France – 426 complaints received within 24 days.
  5. Czech Republic – Approximately 400 complaints received within 26 days.
  6. Netherlands – 170 complaints received within 14 days.
  7. Romania – 145 complaints received within 14 days.
  8. Greece – 113 complaints received within 34 days.
  9. Slovenia – 102 complaints received within 25 days.
  10. Bulgaria – 91 complaints received within 28 days.

The European Commission proposed that, for the internal markets to function efficiently, there should not be any conflict between courts. They should work smoothly and in full cooperation.

Likely punishment

A breach of an individual’s right to privacy is a serious offence.

The GDPR raised the maximum fine for fraudulent practices to €20 million or 4% of the company’s annual global turnover – whichever is higher.

The UK ICO (Information Commissioner’s Office) is anticipating more complaints as people become more aware of their rights.
