[BreachExchange] Only a tiny amount of data breaches are seeing GDPR fines

[Destry Winant]

https://www.itproportal.com/news/only-a-tiny-amount-of-data-breaches-are-seeing-gdpr-fines/

With all the talk about the draconic fines that businesses can expect
if they breach GDPR, it’s quite surprising to see how many incidents
actually result in a monetary penalty.

According to latest reports from Digi.me – just 0.25 per cent.

Digi.me says that businesses reported a total of 11,468 data breaches
to the Information Commissioner’s Office (ICO) after GDPR came into
force, on May 25 2018.

Out of that number, the ICO issued a total of 29 penalties, which
brings the rate to 0.25 per cent.

In other interesting takeaways from the report, consumers have raised
37,798 data protection concerns in the same time period.

According to Julian Ranger, founder of digi.me, there is a “clear
problem with individuals and businesses over-reporting to the ICO”.

“This data demonstrates the extent to which the ICO is inundated by
concerns from businesses and the public, the vast majority of which
are not serious enough for any kind of penalty or even to warrant an
investigation,” he says.

Businesses in the healthcare, education and finance industries are the
quickest to report a breach, it was added.

“Businesses and individuals are clearly unsure what constitutes a
serious breachof sensitive data,” he added.

“There is no public confidence that personal data is being handled
responsibly – any organisation that collects personal data should put
an informed consent process in place, which has the double benefit of
putting individuals back in control of their personal data while also
being fully compliant with regulation.”

GDPR, or General Data Protection Regulation, is a new EU-wide
legislation that regulates how businesses gather, store, protect and
share personal data they have on EU citizens. The fines for breaching
GDPR can go up to €20 million.