The Netherlands ranks second with the highest number of data breaches in Europe since the introduction of the General Data Protection Regulation (GDPR) in May 2018, with 66,527 incidents. Only Germany produced more official reports of data breaches (77,747). This is calculated by international law firm DLA Piper in its annual report on fines and data leaks.
In total, 31 European countries were fined for violating a variety of stricter European data protection laws in European countries. In addition, since January 28, 2020, the number of data leaks has increased by 19 percent and the total penalty has increased by 39 percent as compared to the previous period.
Since the introduction of the GDPR on May 25, 2018, a total of more than 281,000 data leaks related to personal data have been reported to observers. Germany has the most (77,747), followed by the Netherlands (66,527) and the United Kingdom (30,536). France and Italy, with 67 million and 62 million inhabitants respectively, reported only 5,389 and 3,460 data breaches during the same period.
Per capita weighted, Denmark has the most reported data breaches with 155.6 per 100,000 inhabitants. Here too, the Netherlands ranked second, with 150 reports per 100,000 inhabitants.
In the Netherlands, the Dutch Data Protection Authority fined 2.5 million euros. The Italian regulator is the leader in the ranking, with a total ranking of over 69.3 million euros in fines imposed after the GDPR application. Germany and France also have a total penalty amount of 69.1 million and 54.4 million euros respectively.
The largest GDPR penalty ever imposed by the French data security regulator on Google for alleged violations of the principle of transparency and valid consent from users is 5 million.
DLA Piper notes that there are large cultural differences in how countries surveyed with reports and fines. In the Netherlands, a data breech notification was required from January 2016 before the GDPR was introduced. So organizations and companies have been used to create reports here for some time and even when in doubt. In most reports, the regulator does not take any follow-up action. Not so in other countries.
Not all member states of the European Economic Area make the data public about reports of data leaks. This is why DLA Piper has rounded up the numbers.