
European Data Breaches & the GDPR

Article by Tsaaro



Since the GDPR (General Data Protection Regulation) was introduced in 2018, countless organizations have made headlines for violations (British Airways, Marriott International Hotels, Austrian Post, and others).

  • Google received the biggest fine so far in 2020 – €50 million ($56.6 million)
  • Over 220 fines have been handed out for GDPR violations in the first ten months of 2020
  • The total amount of fines issued so far in 2020 exceeds €175 million
  • Only 20% of US, UK, and EU companies are fully GDPR compliant
  • Misdirected emails have been the primary cause of data loss reported to the Information Commissioner’s Office (ICO)

What is a data breach?

A data breach is a security incident in which information is accessed without authorization. Data breaches can hurt businesses and consumers in a variety of ways. They are costly, can damage lives and reputations, and take time to recover from. As technology progresses, more and more of our information has moved to the digital world. As a result, cyberattacks have become increasingly common and costly. Globally, the average total cost of a data breach to a company is $3.86 million, according to a study by the Ponemon Institute. At $148 on average per stolen record, online crime is a real threat to anyone on the internet. Corporations and businesses are extremely attractive targets for cybercriminals, simply because of the large amount of data that can be taken in one fell swoop.

Why do data breaches occur?

Cybercrime is a profitable industry for attackers and continues to grow. Hackers seek personally identifiable information to steal money, compromise identities, or sell on the dark web. Data breaches can occur for a number of reasons, including by accident, but targeted attacks are typically carried out in these four ways:

  • Exploiting system vulnerabilities. Out-of-date software can create a hole that allows an attacker to sneak malware onto a computer and steal data.
  • Weak passwords. Weak and insecure user passwords are easier for hackers to guess, especially if a password contains whole words or phrases. That’s why experts advise against simple passwords, and in favor of unique, complex passwords.
  • Drive-by downloads. You could unintentionally download a virus or malware by simply visiting a compromised web page. A drive-by download will typically take advantage of a browser, application, or operating system that is out of date or has a security flaw.
  • Targeted malware attacks. Attackers use spam and phishing email tactics to try to trick the user into revealing user credentials, downloading malware attachments, or directing users to vulnerable websites. Email is a common way for malware to end up on your computer. Avoid opening any links or attachments in an email from an unfamiliar source. Doing so can infect your computer with malware. And keep in mind that an email can be made to look like it comes from a trusted source, even when it’s not.

GDPR: Europe Counts 65,000 Data Breach Notifications So Far

Over the last few years, an increasing number of personal data breaches have been reported, especially relating to online systems and services. Such breaches can have (and have had) a serious impact on the affected individuals’ private lives, including humiliation, discrimination, financial loss, physical or psychological damage, or even threat to life.

It is thus critically important that data controllers and processors have all the necessary mechanisms in place, both for preventing data breaches and for handling them in a timely and appropriate manner.

The General Data Protection Regulation (“GDPR”) is a legal framework that requires businesses to protect the personal data and privacy of European Union (EU) citizens for transactions that occur within EU member states. It covers all companies that deal with the data of EU citizens, specifically banks, insurance companies, and other financial companies.

With the aim of increasing the level of data security in Europe, Directive 2002/58/EC (ePrivacy Directive) introduced an obligation for providers of publicly available electronic communication services to notify competent authorities and affected individuals of personal data breaches. The General Data Protection Regulation (GDPR) extends this obligation to all data controllers and processors in all sectors.

Protecting personal information in the event of a data breach?

  • Asset Inventory
  • Vulnerability and Compliance Management
  • Regular Audits on Security Posture
  • Train & Educate Your Staff

For more, reach out to Tsaaro!
