Data Breach Trends from the First Year of the GDPR

21st October 2019

This information note is intended to give an overview of the trends observed by the Data Protection Commission (DPC) over the first year of the mandatory breach reporting regime introduced by the General Data Protection Regulation (GDPR). The statistics and trends discussed below capture all data breach notifications received in the first year since the 25th of May 2018.

Since the introduction of the new breach reporting regime, the DPC’s Breach Assessment Unit has undertaken an analysis of breach notifications received from areas within the public and private sector, including those notified by: the financial sector; the insurance sector; the telecommunications industry; the healthcare industry; and law enforcement. Some of the trends and issues identified whilst conducting these reviews and from the processing of notifications include: late notifications; difficulty in assessing risk ratings; failure to communicate the breach to data subjects; repeat breach notifications; and inadequate reporting.

Data Breach Trends from the First Year of the GDPR - Full Information Note