menu

In Spain, data breach notifications increase since the entry into application of the GDPR

Holiday Special, 17 December 2018 Issue

The Spanish data protection authority – Agencia Española de Protección de Datos or AEPD – has received 418 notifications of data breaches since the entry into application of the GDPR. Of these 418 notifications, only 11 have required additional investigation by the DPA.

The GDPR brings strengthened requirements for notifications to DPAs when these incidents occur (generally 72 hours from when an organisation becomes aware of the breach). The increase in data breach notification likely applies to most EU countries, as shown by the numbers we published in the first edition of GDPR Today. This trend is largely positive, since through notification and follow-ups, organisations can audit their own security practices, get feedback, and make their systems and infrastructure more robust, reducing the risk of future breaches. In the short term, users informed of a breach are better informed of risks and can take measures to mitigate harms.

In the latest annual report published by AEPD, the DPA reports that complaints had already increased by 37% from 2015-2017, and that in 2017, the authority received around 10 500 complaints. At the time, the right of rectification and the right to erasure were the rights that data subjects asserted most, claimed by 750 complaints submitted to the AEPD. We are still waiting on numbers from 2018.

Read more about this news here.

Provided by: EDRi