GDPR: Where Are We Now?

Five things you need to know about the effect of the EU’s new regulation.
By Zach West Posted on February 20, 2020

1. 160,000 data breach notifications have been made since May 2018.

  • The first eight months since GDPR implementation saw an average of 248 data breach notifications per day. Since then, the average has risen to 278 notifications per day.
  • The Netherlands, Germany, and the UK were top three countries in terms of number of data breaches reported (40,647, 37,636 and 22,181, respectively).

2. Approximately $126 million/€114 million in fines have been imposed so far, with even larger ones on the horizon.

  • Two other notable fines include the $230 million/€213 million levy on UK airline company IAG and the $124 million/€112 million fine on Marriott Hotels for the Starwood breach, which have not yet been finalized.
  • The biggest fine (so far) was one levied by French data protection authority CNIL against Google, at $57 million/€50 million; experts expect bigger fines as regulators become more comfortable with enforcement.

3. Just 28% of organizations said they were fully compliant, according to survey.

  • However, 30% also claimed they were “close to” full GDPR compliance—defined in the survey as meaning they were still in the process of “resolving pending issues.”
  • The pending issues companies struggled with the most in their compliance efforts were “aligning legacy IT systems,” “complexity of GDPR requirements,” and “prohibitive costs to achieve alignment with regulations.”

4. Notably, a majority of executives agree GDPR compliance has had positive secondary effects.

  • 84% of executives from compliant firms agreed becoming GDPR compliant had a positive impact on customer trust, 81% said they believed GDPR compliance bolstered their brand image, and 79% noted better employee morale.
  • 87% of the same executives said GDPR compliance had resulted in improvements in IT systems, and 91% said GDPR compliance led to them to bettering their cybersecurity practices.

5. Keep an eye out for a report by the European Commission on GDPR progress and application, due by May 25, 2020.

  • The report will review progress of GDPR implementation and its application to and by member states.
  • It will also review previous “adequacy decisions” made about third-party countries/international organizations to ensure those third-party countries/international organizations still offer an adequate level of data protection for data transfers.

For more from Leader’s Edge on the ins and outs of the GDPR and other cyber regulations, see Jody Westby’s exploration of the implications these regulations have for M&A, and Rob Boyce’s dive into a report outlining industry concerns about “America’s GDPR”—the California Consumer Protection Act.

Zach West Content Associate Read More

More in Industry

Very Active 2022, Considering…
Industry Very Active 2022, Considering…
2022 is likely to end up, after all announcements, as the second-strongest year ...
Industry The ESG Storm Is upon Us
Are you damned if you don’t…and damned if you do?
Who's to Blame?
Industry Who's to Blame?
Chief compliance officers, even external CCOs and lawyers serving in a complianc...
Relentless Pursuit
Industry Relentless Pursuit
Q&A with Bob Klonk, Chairman and CEO, Unison Risk Advisors and Oswald Companies,...
Shaping the Future
Industry Shaping the Future
The Council’s leadership will be undergoing a transition i...
New Year, New Congress
Industry New Year, New Congress
Despite a divided Congress, we look to make headway on Counc...