UK citizens dissatisfied with PII protection; €56m GDPR fines so far

News by Rene Millman

Brussels report finds that €56 million of fines have been handed out since GDPR was enacted, while a UK survey reports that people in the country say businesses aren't doing enough to protect their personal data.

A new survey has found that people in the UK think that businesses aren’t doing enough to protect their personal data.

According to a study carried out by Kaspersky, 41 percent of UK respondents believe that businesses should do more to protect their personal data, including passwords, addresses and bank account details, from hacking.

More than a quarter think there is not enough state support with regard to data security and cyber-protection, while over one in ten (12 percent) respondents in the UK have been so concerned by a high-profile data breach that they have shut down one or more of their social media accounts in response.

David Emm, principal security researcher at Kaspersky Lab, said that there is more that businesses can and should do to help protect their customers – including security solutions that significantly mitigate the risk of a successful attack on their systems, running fully updated software, performing regular security audits, performing penetration testing and ensuring that customer data is secure.

"However, there is also much that consumers can do to protect themselves. That includes strengthening their passwords and protecting all their devices," he said.

The news comes as data privacy regulators have counted around 65,000 data breach notifications since the EU's GDPR regulations went into effect. Regulators in 11 EU countries have fined organisations a total of €56 million in that time.

According to a report by the European Data Protection Board, in the first nine months, there were 206,326 cases from supervisory authorities in the 31 countries in the European Economic Area.

"The majority of the cases are related to complaints, notably 94,622, while 64,684 were initiated on the basis of data breach notification by the controller," the EDPB report said. Of these cases, 52 percent have been closed and one percent are the subject of lawsuits before national courts.

The report also found that from 25 May 2018 to 18 February 2019, "no dispute resolutions were initiated. This means that up to now, the SAs were able to reach consensus in all current cases, which is a good sign in terms of cooperation."

"The feedback of the national regulators on this system is really positive," the report said. "A dedicated expert subgroup has been created to ensure the continuous enhancement of the system on the basis of the feedback collected via a dedicated IT helpdesk support provided to the EDPB members by the EDPB Secretariat."

Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, told SC Media UK that this demonstrates that organisations are now truly concerned about complying with various GDPR requirements, including breach notifications.

"However, if we look at this differently, one may reasonably infer that a considerable number of organisations insufficiently protect their data allowing data breaches to happen. Worse, these numbers are just a tip of the iceberg. Nation-state attackers and professional cyber-mercenaries infrequently leave any technical traces, and their intrusions remain widely undetected and thus unreported," he said.
