Top 3 European countries have more GDPR data breaches than the other member states combined

Mihai-Alexandru Cristea 17/02/2020 | 13:16

A study conducted by Precise Security shows that the Netherlands, Germany and the United Kingdom are the countries with the most GDPR Data Breaches in the EU, totaling more than 100,000 reported cases, a figure that is higher than the cases reported in the other member states combined.


The Netherlands and Germany lead in this standing almost head-to-head, with 40,600 and 37,600 data breaches respectively, while the United Kingdom comes in third with 22,100 reported cases. The top 10 is completed by Ireland (10,500 cases), Denmark (9,800), Poland (7,400), Sweeden (7,300), Finland (6,300), France (3,400) and Norway (2,800).

GDPR (General Data Protection Regulation) was introduced by the EU in May 2018, with more than 160,000 data breaches being reported since according to the DLA Piper GDPR Data Breach Survey 2020. The rising number of cases goes to show how valuable personal data is and the lengths hackers or otherwise malevolent organizations are willing to go in order to acquire this information. Of course, not all data breaches are due to such activities, with many well-intentioned organizations still struggling to understand the new standards of data privacy and thus failing to comply with them, despite huge potential fines.


Top 10 GDPR-breaching countries: EUR 48 million worth of fines in just 3 months

According to data from the same study, in only 3 months (November, December 2019, and January 2020), increased with EUR 48 million, the total figure of GDPR related penalties reaching EUR 450 million since its introduction in May 2018. Almost 70% of the total figure was imposed by the UK’s Information Commissioner’s Office – EUR 314.9 million, the bulk of this sum being directed to just two organizations: British Airways (EUR 204 million – the highest data breach penalty in the world) and Marriott International, Inc (EUR 110 million). Google closes the top 3 in GDPR penalties, having received a EUR 50 million fine from France’s data protection regulator, CNIL.


Later edit: ICO’s fines against British Airways and Marriott International, Inc are actually a “notice of intent” and thus are not final, the two companies currently fighting to overturn, or at least decrease, the penalties. This makes Google’s EUR 50 million fine from CNIL the largest final and binding fine ever issued for a GDPR related breach, until a final resolution will be reached in ICO’s two high-profile cases. You can track all GDPR fines on Privacy Affair’s GDPR Fines Tracker & Statistics.

BR Magazine | Latest Issue

Download PDF or read online: September 2022 Issue | Business Review Magazine

The September 2022 issue of Business Review Magazine is now available in digital format, featuring the main cover story titled “Transilvania Investments paves its way to a sustainable
Mihai-Alexandru Cristea | 21/09/2022 | 14:17

You will receive a download link for the latest issue of Business Review Magazine in PDF format, based on the completion of the form below.

I agree with the Privacy policy of
I agree with the storage and handling of my data by

Close ×

We use cookies for keeping our website reliable and secure, personalising content and ads, providing social media features and to analyse how our website is used.

Accept & continue