Malta registers a high incidence of data breach reports per capita

A year ago, on 25th May 2018, the EU’s General Data Protection Regulation (GDPR) came into force, bringing a seismic shift in privacy and information rights. It introduced new and enhanced privacy and security obligations for organizations. In the run-up to May 2018, organizations across the EEA were frantically preparing vast amounts of new documents in light of the impending implementation of the GDPR. During the GDPR – One Year On Conference, organised by 21 Academy and 21 Law on the 5th June, we looked back at the key developments that have taken place regarding the implementation and enforcement of the GDPR.

During the conference, the latest data regarding the implementation and enforcement of the GDPR across the EEA was shared by the Maltese Supervisory Authority, the IDPC. The key statistics are:

  • The total number of cases reported by the National Supervisory Authorities (NSAs) from 31 EEA countries is 281,088;
  • Three different types of cases can be distinguished, namely cases based on complaints, cases based on data breach notifications and other types of cases such as investigations. Most of the cases are related to complaints, namely 144,376, while 89,271 were initiated on the basis of a data breach notification by the controller and 47,441 were other cases;
  • 90% of these cases have been closed, 37% of cases are ongoing and 0.1% of these cases have been challenged before a national court;
  • The total amount of GDPR fines imposed is €56 million.
         *Above illustrations were made available by the IDPC during the GDPR – One Year on Conference

Malta Statistics:

The Information and Data Protection Commissioner (IDPC) is among the supervisory authorities of the 11 EEA countries that have imposed administrative fines under Article 58.2(i) of the GDPR. Although Malta is a relatively small country, a significant number of data breaches have been reported to the IDPC. According to the figures shared by the IDPC:

  • In 2018, since the GDPR came into effect, 76 complaint cases were logged with the IDPC;
  • From January 2019 to date, 35 complaint cases have been registered with the IDPC;
  • A total of 148 data breaches were reported to the IDPC from May 2018 to May 2019;
  • €26,000 in administrative fines has been imposed by the IDPC since 25th May 2018.

Evidently, whilst the data breach notification incidence within the EEA stands at 2 breaches for every 100,000 persons living in the EEA, the incidence in Malta is much higher, at 3 breach notifications for every 10,000 inhabitants.

The IDPC has further stated that during the first year of the GDPR it took a mild approach towards imposing fines on organizations, but that it will now be stricter in order to implement and enforce the GDPR and the Data Protection Act, 2018 in their true spirit.