PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Over 10,000 GDPR Breaches in UK, Says Law Firm

Across Europe, there have been almost 60,000 personal data breaches, but the amount that companies have been fined remains relatively low. Nevertheless DLA Piper, which published the report, predicts that this year will see more fines for tens and potentially even hundreds of millions of euros.

Adam Smith
 & Adam Smith Contributing Editor

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

There have been 10,600 breaches of the European Union's General Data Protection Regulations (GDPR) since the litigation came into effect on the 25th of May, 2018.

That's according to law firm DLA Piper's GDPR Data Breach Survey, which puts the UK in third place for the highest number of breaches. The only two countries that record a higher number of violations is Germany, at 12,600, and the Netherlands, at 15,400. Across Europe, there have been 59,000 personal data breaches in total.

However, when ranked relative to population, the UK does a little better. Of the 26 EEA countries where breach notification data is available, the UK ranks tenth. The Netherlands, however, still comes in at the top, with 89.8 reported breaches per 100,000 people.

While this sounds concerning, the amount that companies have been fined remains low, especially compared to the maximum fines that regulators could levy. That said, DLA Piper predicts that this year "will see more fines for tens and potentially even hundreds of millions of euros, as regulators deal with the backlog of GDPR data breach notifications [and] will look to EU competition law and jurisprudence for inspiration when calculating GDPR fines"

"Competition regulators are not known to shy away from imposing hefty fines and have imposed some eye-catching multibillion-euro fines recently on large tech companies."

Most notably, Google was penalised with a landmark £44m fine due to the complexity of its advert personalisation. The search giant did not make users aware of the plurality of services that Google uses to manage data, including its Search functionality, YouTube, Google Home, Google Maps, the Play Store, and more.

Similarly, the German FCO has said that Facebook's reported interlinking of its three largest platforms would be a breach of GDPR because of the concerns around end-to-end encryption by default (something WhatsApp, owned by Facebook, has had enabled since 2016, and has tangled with government officials over because of it.) Facebook, however, contends the statement, saying that it is both a misrepresentation of how it handles user data, and that such mergers could be helpful in dealing with election interference across both Facebook and Instagram.

About Our Expert

Adam Smith

Adam Smith

Contributing Editor

Adam Smith is the Contributing Editor for PC Mag UK, and has written about technology for a number of publications including What Hi-Fi?, Stuff, WhatCulture, and MacFormat - reviewing smartphones, speakers, projectors, and all manner of weird tech. Always online, occasionally cromulent, you can follow him on Twitter @adamndsmith

Read the latest from Adam Smith

Read full bio