News & Resources

European companies have experienced tens of thousands of data breaches since the GDPR

  • Posted on

European companies have suffered almost 60,000 data breaches since the GDPR was brought in last year[1].

That's according to a survey which covered 26 European countries where data is available. And, when it comes to the nations that are seeing the most reported breaches, the Netherlands, Germany and the UK are coming out top of the list. At the other end of the scale, Liechtenstein, Iceland and Cyprus have only reported a handful of breaches so far.

The types of breaches being reported range from "minor issues" such as emails being sent to the wrong person, to major cyber hacks. However, as we know here at Hayes Connor Solicitor, the full impact of so-called minor data breaches can be devastating for victims.

What's changed since GDPR?

The introduction of the General Data Protection Regulation (GDPR) in May 2018 coincided with a significant increase in reported data breaches. So it seems that the GDPR has created greater public awareness about individual rights.

Also, under the GDPR, organisations are required by law to report any breaches to the relevant body. In the UK that is the Information Commissioner's Office, so it's no wonder that the number of reported incidents has increased.

Are organisations improving their data privacy processes?

While we still have a long way to go, anecdotal evidence does seem to suggest that more companies are becoming aware of their data protection responsibilities; with many improving their internal governance in response. But there are still too many companies who don't take their obligations seriously.

How to protect yourself from a GDPR data breach

Here are a few steps to help protect your personal information:

  • If you are worried that your financial details have been exposed, contact your bank/credit card provider immediately and ask them to keep a close eye on your account and request a new card
  • Be aware of common phishing techniques and keeping an eye out for fraudsters who attempt to gather additional personal information.
  • Report any suspected phishing attempts to the police and relevant authorities (Action Fraud)
  • Look out for any bills or emails showing goods or services you haven't ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips (register for updates)
  • Let the credit reference agencies know of any activity that was not down to you
  • Register with the Cifas protective registration service. This will slow down credit applications made in your name with additional verification checks made to ascertain that the applicant is actually you
  • Register with a suitable fraud prevention service
  • Regularly change your passwords on all your accounts (you might want to use a password security tool to help you to do this)
  • Use two-factor authentication where possible
  • Be careful with your social media information. This includes:
    • Not accepting friend requests from people you don't know
    • Being careful about what you share online
    • Removing location data from your posts
    • Checking the privacy settings of all your accounts
    • Reading the T&Cs of any games or apps you want to use
  • Don't download suspicious apps
  • Think twice before clicking on any links
  • If you are concerned that your data might be at risk, ask the organisation in question for a copy of the data they hold about you. This is called making a subject access request (SAR). Find out more about making a SAR. You should also ask for a copy of their acceptable use policy and data protection policy.

Leading by example

At Hayes Connor, we want to stop cybercrime and data breaches. To do this, we are helping to raise awareness of this issue and educating people to prevent data privacy violations from happening.

For more advice on how to keep your data safe, follow us on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber scam, contact us to discuss your case in more depth.


[1] DLA Piper

Contact us