A study from global law firm DLA Piper has found that there has been more than 59,000 personal data breaches notified to regulators in the eight months since GDPR came into force.
The Netherlands, Germany and the UK topped the table in the report, entitled ‘DLA Piper GDPR data breach survey: February 2019’, with over 10,000 data breach notifications.
The Netherlands, with 89.8 reported breaches per 100,000 people, also topped the list when the number of notifications were weighted against population, followed by Ireland and Denmark, with Greece, Italy and Romania reporting the fewest number of breaches per capita.
“The major gap between the Netherlands with 15,400 data breach notifications and for instance Italy where only 610 data breach notifications were performed might show that in some countries data controllers adopt a prudent approach and prefer to notify a data breach, delegating to the data protection authority to assess it,” explains DLA Piper lawyer Giulio Coraggio on his Gaming Tech Law blog.
“On the contrary, in others data controllers are more reluctant in notifying data breaches and attempt to identify any possible reason why a data breach notification shall not take place. But – given that the gap between countries is so large – I am concerned that in some countries there is still not a culture around data protection compliance. They either are not even aware that a data breach took place or prefer not to notify it, hoping that they will not be investigated by the competent data protection authorities.”
SMP eGaming Regulatory Compliance Manager Phil Knox previously stressed the importance of transparency when it comes to GDPR, telling AffiliateINSIDER that “being clear, open and honest with individuals from the start about who you are, how you use personal data and what for” is essential.