Over 3,200 GDPR breaches logged

More than 3,200 breaches of data have been reported to the Data Protection Commission in the seven months since the most comprehensive ever overhaul of EU privacy laws was introduced.

The watchdog said of the 3,609 breaches reported to the office since the implementation of the General Data Protection Regulation (GDPR) on May 25, 3,202 related to the new EU law, while 407 will be dealt with under different legislation.

There has been a number of high-profile data breaches in the months since the GDPR was introduced, and the commission this month announced statutory inquiries into Twitter and Facebook’s compliance with the law following receipt of a number of breach notifications.

The GDPR was ratified in 2016 following four years of negotiation, replacing the existing directive on data protection.

Unlike an EU directive, which can be implemented over a certain time, the regulation was made law once it began on May 25, meaning penalties could be imposed from the beginning.

The regulation is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy. It not only applies to organisations within the EU but also to firms that do business inside member states.

If companies fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.

Businesses had to reorganise strategies to handle data following the introduction of the new law, but following difficulties during the bedding in of the new law, a recent report from the Institute of Directors in Ireland suggest it is less of a worry than it was in May.

Just over 1% of directors consider the impact of GDPR compliance to be the single biggest risk factor facing their organisations, according to the institute’s report.

The Data Protection Commission also published guidelines for public representatives relating to the handling of the personal data of their constituents this month, following extensive public consultation.

The watchdog guidelines said the “collection of personal data is specific and the use of personal data is limited to what is required to achieve that purpose”.

More on this topic

Google to cooperate fully with data protection investigation

Companies still confused about data protection requirements

Amazon ‘listens to what users say to Alexa’

Hotel websites leaking customer details, study finds

More in this Section

Trump: Huawei could be part of trade deal with China

Fishermen earn global plaudits for commitment to cleaning oceans

Here are this week's eight business movers

The threat of Brexiteer Boris as prime minister haunts Irish shares


All of the most opulent and OTT gowns from the Cannes Film Festival

H&M has announced its latest incredible designer collaboration – and it goes on sale tomorrow

Ask an expert: What’s the best way to quickly potty train my toddler?

Album review: Flying Lotus - Flamagra

More From The Irish Examiner