GDPR: Where Are We Now?

Five things you need to know about the effect of the EU’s new regulation.
By Zach West Posted on February 20, 2020

1. 160,000 data breach notifications have been made since May 2018.

  • The first eight months since GDPR implementation saw an average of 248 data breach notifications per day. Since then, the average has risen to 278 notifications per day.
  • The Netherlands, Germany, and the UK were top three countries in terms of number of data breaches reported (40,647, 37,636 and 22,181, respectively).

2. Approximately $126 million/€114 million in fines have been imposed so far, with even larger ones on the horizon.

  • Two other notable fines include the $230 million/€213 million levy on UK airline company IAG and the $124 million/€112 million fine on Marriott Hotels for the Starwood breach, which have not yet been finalized.
  • The biggest fine (so far) was one levied by French data protection authority CNIL against Google, at $57 million/€50 million; experts expect bigger fines as regulators become more comfortable with enforcement.

3. Just 28% of organizations said they were fully compliant, according to survey.

  • However, 30% also claimed they were “close to” full GDPR compliance—defined in the survey as meaning they were still in the process of “resolving pending issues.”
  • The pending issues companies struggled with the most in their compliance efforts were “aligning legacy IT systems,” “complexity of GDPR requirements,” and “prohibitive costs to achieve alignment with regulations.”

4. Notably, a majority of executives agree GDPR compliance has had positive secondary effects.

  • 84% of executives from compliant firms agreed becoming GDPR compliant had a positive impact on customer trust, 81% said they believed GDPR compliance bolstered their brand image, and 79% noted better employee morale.
  • 87% of the same executives said GDPR compliance had resulted in improvements in IT systems, and 91% said GDPR compliance led to them to bettering their cybersecurity practices.

5. Keep an eye out for a report by the European Commission on GDPR progress and application, due by May 25, 2020.

  • The report will review progress of GDPR implementation and its application to and by member states.
  • It will also review previous “adequacy decisions” made about third-party countries/international organizations to ensure those third-party countries/international organizations still offer an adequate level of data protection for data transfers.

For more from Leader’s Edge on the ins and outs of the GDPR and other cyber regulations, see Jody Westby’s exploration of the implications these regulations have for M&A, and Rob Boyce’s dive into a report outlining industry concerns about “America’s GDPR”—the California Consumer Protection Act.

Zach West Market Intelligence & Insights Associate Read More

More in Industry

Alternative Capital and Brokerage? Still Going Strong
Industry Alternative Capital and Brokerage? Still Going Strong
Q&A with Amrit David, Managing Director in the Investment Bank at Barclays
Industry M&A Utopia
Last year remained record-setting in brokerage M&A, and most signs point to more...
We're Definitely Curious
Industry We're Definitely Curious
Brokerages want to check an insurtech’s industry conformation before buying th...
Back in Fashion
Industry Back in Fashion
Great wealth and greater risk drive growth and M&A in personal lines.
Soft Landing?
Industry Soft Landing?
Several indicators weigh against a sustained hard market.
Brexit: Mergers as Usual
Industry Brexit: Mergers as Usual
While U.K. brokerages remain in a delicate position, some st...