Still many data leaks

15 July 2019

Research by the Dutch Data Protection Authority (DPA) shows that, despite the introduction of the GDPR, there is still a significant influx of reported data leaks. That number is not representative of the number of companies not complying with GDPR regulations, but rather just the number of reported data leaks to the DPA. So what should you as a business actually do when you discover a data leak?

Tens of thousands of data breaches

According to the DPA, there were nearly 21,000 reports of data leaks in 2018. In the first five months of 2019, there were 8,000 reported leaks. Many of these reports come from these three sectors: health and well-being, financial services, and public administration.

In the past two months, data breaches were reported to the DPA by multiple organisations in the three sectors listed above. But the fact that the DPA is in charge of enforcing the rules of the GDPR does not mean the DPA is exempt from risk. In May of this year, the DPA reported its own data leak—clear proof that it’s not so simple to comply with the GDPR rules.

GDPR compliance in human hands

The most common cause of data leaks is human error. Over three quarters (77%) of all data breaches were the result of human error.

It is still often the case that companies aren’t properly protected from information leaks. Businesses use storage solutions for sensitive information that are much too simple, which allows unauthorized individuals to access that information.

Mandatory reporting

Since 2016, it is mandatory to notify the Dutch DPA of any data leak. Due to the many reports that the DPA receives, the government has granted 3.4 million euros in additional budget to the organisation that monitors the practical application of the GDPR rules, allowing them to perform that task even better in the coming year. 

If a data leak poses a risk to the privacy of the individuals involved, and the leak is not reported, the DPA can issue a fine of up to 10 million euros or 2% of the annual global revenue. If you fail to report a data leak to the DPA and do not inform the individuals affected, you can even be charged with two violations, with a maximum total fine of 20 million euros or 4% of the annual revenue.

Simple ways to avoid a data breach

Compliance with privacy laws is central to DataChecker’s optimization of business processes. By using our solutions, like ID Check, RTW Check, Portal/API, Consumer Check, and Company Check, all personal data transfers are encrypted and processed according to the GDPR rules, avoiding unnecessary risks. Would you like more information about that process? Simply reach out and contact our team. Our specialists are at your service.