According to DLA Piper, 109,000 personal data breaches were reported in the European Union from January 2022 to January 2023. Data protection supervisory authorities across Europe have issued a total of EUR 1.64 billion (USD 1.74 billion/GBP 1.43 billion) in fines since January 28, 2022, reflecting a year-on-year increase in aggregate reported GDPR fines of 50%.
Article 33 of the GDPR requires companies to notify the supervisory authority of a personal data breach no later than 72 hours after becoming aware of it.
We cannot emphasize often enough how important it is to take immediate action. But do we also know exactly what needs to be done? Here is a reminder:
If you are the victim of a data leak, it is important to have an overview of the situation as soon as possible. It is important to know what data has been leaked and who was involved in order to determine how to get the situation under control.
A data leak can have major consequences, and that is why it is important to limit the damage. Use the overview you have made to see how you can prevent the situation from getting worse.
As soon as you discover a data leak, it is crucial to immediately investigate whether you need to report it to the supervisory authority. Do you think that the data leak does not pose any risks to the rights and freedoms of the victims? Then you don't have to report it. Does it pose a risk? Then you must report the data leak within 72 hours.
As we just said: in the event of a data leak, you are not only dealing with the supervisory authority, but also with the people involved. Is there a great risk for them? Then they too must be informed. How do you determine this? By looking at the possible physical, material or immaterial damage. If this damage is significant, those involved must be notified.
Finally, you must register the data leak. The GDPR requires every organization to register all data leaks in their data leak register. Here you must provide a description of the data leak. You have to write down the personal data and people involved, the consequences of the data leak and the measures you have taken.
Fortunately, it does not have to go that far for most organizations. Data leaks can be prevented with the right measures. Earlier, we shared some tips on how to prevent data leaks. Those tips zoom in on existing problems, such as sending sensitive information unsecured, or working on public networks, which makes your connected devices easily accessible to unauthorized persons.
However, there is more you can do and look out for. When we look at the nature of the data breaches, we see many recurring patterns. Sending data to the wrong person is the biggest cause of data leaks in Europe. That is a shame, because it means that the data loss was not caused by, for example, a phishing attack from the outside. No, most data breaches are caused by human errors.
Fortunately, secure email solutions offer functionality that can limit these human errors and that lets you keep as much control as possible over the exchange of sensitive information during the entire email process. Three parts, or pillars, are important here:
A combination of these pillars will ensure that the chance of a data breach can be limited.