In response to a new study from law firm DLA Piper, which revealed that more than 59,000 data breaches have been reported across Europe since GDPR was brought in last year, Igor Baikalov, chief scientist at Securonix commented below.
Igor Baikalov, Chief Scientist at Securonix:
“The survey is important in establishing a baseline for the first half a year of GDPR enforcement. The way the numbers are reported is not very helpful though: comparing the total number of breach notifications between Germany and Lichtenstein is silly at best. The only valid country-specific conclusion the survey suggests is that Netherlands’ might have a problem with data breaches, since it tops the chart for both total and per capita number of notifications. Even that conclusion might not directly indicate that Netherlands’ data security is poor, but rather reflects a less forgiving enforcement approach. The latter argument affects the whole baseline, and more useful numbers would be the totals across EU to average out country specifics. There are no prior measurements to judge whether GDPR enforcement improved data security and by how much; the only fact the survey establishes is that GDPR works, and it gives us a reference point to track its progress.
GDPR is an extremely important legislation that will drive data security and privacy to the levels absolutely necessary in the modern highly connected, always-on digital society. For many years security professionals struggled to quantify risk in terms that are understood by the business: money.
The examples of data breaches covered by the press resonate with every security professional – we’re seeing it and reading about it day in, day out. The U.S. desperately needs a measure similar to GDPR, but I’m afraid there will be a lot more pain ahead before we can overcome business opposition.”
DLA Piper GDPR data breach survey: February 2019. Over 59,000 personal data breaches reported across Europe since introduction of GDPR https://t.co/h2xhZVnaAD
— RODO_prawo (@RodoPrawo) February 6, 2019
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.