A total of 35 personal data breaches were reported in Cyprus in the eight month period since the implementation of the new EU General Data Protection Regulation (GDPR) according to a survey carried out by DLA Piper.
In absolute numbers this puts Cyprus third from the bottom among 26 EU and EEA countries that had public notifications of such breaches.
According to the report, from May 25, 2018 to January 28, 2019, there have been more than 59,000 personal data breaches notified to regulators ranging from minor breaches, such as errant emails sent to the wrong recipient, to major cyber hacks affecting millions of individuals and making front page headlines.
The Netherlands tops the table with 15,400 notifications, followed by the Germany with 12,600 and the UK with 10.600.
The lowest number were in Liechtenstein with 15, followed by Iceland with 25.
But in terms of per capita breaches, Cyprus with 2.2 per 100,000 of the population was ranked 17th with Greece having the lowest with 0.5 per 100,000 of the population.
The Netherlands was again top of the table with 89.8 per 100,000 of the population, followed by Ireland with 74.9 and Denmark with 55.3.
According to the report many of the fines imposed over the last year have been under the pre-GDPR regimes, which typically only permitted regulators to impose fines at much lower amounts.
So far 91 reported fines have been imposed under the new GDPR regime. Not all of the fines imposed relate to personal data breach. The highest GDPR fine imposed to date is €50 million, notably not relating to a personal data breach. This was a decision by the French data protection authority – the CNIL – made against Google in relation to the processing of personal data for advertising purposes without valid authorization.
Cyprus also reported four fines, with a total value of €11,500 the report said.
