Editor’s Note: The Data Protection Commission (DPC) is the Irish supervisory authority for the General Data Protection Regulation (GDPR). It also has functions and powers related to other critical regulatory frameworks, including the Irish ePrivacy Regulations (2011) and the EU Directive known as the Law Enforcement Directive. In this recently published information note (October 2019), DPC Ireland shares country-specific statistics and trends related to data breach notifications during the first year of GDPR.
Extract from DPC Ireland Report on GDPR Data Breach Trends
Data Breach Trends from the First Year of the GDPR*
This information note is intended to give an overview of the trends observed by the Data Protection Commission (DPC) over the first year of the mandatory breach reporting regime introduced by the General Data Protection Regulation (GDPR). The statistics and trends discussed in the report capture all data breach notifications received in the first year since the 25th of May 2018, and the total number of breach notifications received by the DPC during that time amounted to 5,818. Of all breach notifications received by the DPC, approximately 4% have been classified a ‘non-breaches’ and did not meet the definition of a personal data breach as per Article 4(12) GDPR.
Since the introduction of the new breach reporting regime, the DPC’s Breach Assessment Unit has undertaken an analysis of breach notifications received from areas within the public and private sector, including those notified by: the financial sector; the insurance sector; the telecommunications industry; the healthcare industry; and law enforcement. Some of the trends and issues identified while conducting theses reviews and from the processing of notifications include late notifications; difficulty in assessing risk ratings; failure to communicate the breach to data subjects; repeat breach notifications; and inadequate reporting.
Review the Complete Report (PDF)Info Note_Data Breach Trends 2018-19_Oct19
* Copyrighted information note shared by permission of Regulations on the Re-use of Public Section Information
- The Data Protection Commission (DPC) Ireland
- A Practical Guide to Personal Breach Notifications under the GDPR (DPC Ireland)