Cyber-breaches hit the mark of 50,000 in 26 European countries within 8 months
The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in European Union law that governs data protection and privacy for every individual within the European Union (EU) and the European Economic Area (EEA). It replaces the 1995 Data Protection Directive and now sets the standards for processing data in the EU. The GDPR also governs the export of personal data outside the EU and EEA. The main aim of this regulation is to give individuals control over their personal data. It affects every company governed by the guidelines; however, companies that hold more consumer data are affected more than companies with smaller databases. Organizations need to report the exposure of personal data to the national data protection regulators, as well as to the victim, within 72 hours of becoming aware of such data breaches. The guidelines also lay down stringent security measures for the protection of data, and the guilty organization may have to pay a fine of up to either 2% of the worldwide annual turnover or €10 million.
Since the General Data Protection Regulation 2016/679 came into force, a number of cases, including minor attacks such as mis-sent emails and major attacks such as personal data breaches, have come out in the open within a period of 8 months, from 25 May 2018 to 28 January 2019. 91 firms, including Google, have been levied with heavy fines for such breaches.
Google bore the brunt of the stringent regulations when the Commission nationale de l’informatique et des libertés (CNIL), the French data regulator, slapped Google with a fine of €50 million (the biggest fine to date) for not following the European Union’s guidelines on consumer data protection. The CNIL’s committee stated that Google was unsuccessful in providing its users with the required information about its data consent policies and how their data was being used. Google was also held responsible for not having a valid legal basis for collecting data for the purpose of personalizing its ads. The committee summarized its judgement by holding Google guilty of ‘lack of transparency as well as valid consent and inadequate information regarding ads personalization’ as per the General Data Protection Regulation (GDPR) guidelines.
As per the GDPR Data Breach Survey by the law firm DLA Piper, in the eight months since the day the GDPR came into force, around 26 European Economic Area (EEA) countries have reported more than 59,000 data breaches. The Netherlands has reported around 15,400 data breaches, putting it at the top of the list. Germany is second with 12,600 reported cases, while the UK comes third with 10,600 data breaches. Liechtenstein, Iceland and Cyprus were last in the list with 12, 25 and 35 cases respectively. On a per capita basis, the UK stood in tenth position, Germany in eleventh and France in twenty-first. In 2017, DLA Piper itself became the victim of a cyber-attack in which, because of ransomware, the attacker had access to employees’ emails, and documents were also blocked. The whole situation reflects the lack of a stringent enforcement approach towards data security. In Germany, the regulators imposed a hefty fine of €20,000 on a company because it failed to protect its employee passwords with cryptographic hashes. In Austria, an organization was fined €4,800 because it was operating an unauthorized CCTV system that partially surveilled a public sidewalk.
On a concluding note, it is the moral responsibility of an organization to work for the welfare of its consumers by safeguarding their confidential and sensitive information. Many cyber security companies, such as Kratikal, work with the aim of ensuring the same. Cyber frauds will not only continue to give you sleepless nights, but will also come back in many forms. It is therefore very important to be on your toes and develop your system’s immunity with the help of state-of-the-art cyber security solutions such as Vulnerability Assessment and Penetration Testing tools and phishing simulation tools such as ThreatCop.