59,000 GDPR Breach Notifications

8 February 2019

I read this week that since 18th May 2018 there have been some 59,000 GDPR breach notifications.

I would speculate that GDPR was introduced for all the right reasons, with some significant penalties should breaches occur. Has anybody anticipated how on earth 59,000 breaches can be audited and policed? We seem to have gone from one extreme to another without anticipating the outcome of such governance. This is in complete contrast to when PCI compliance was introduced, and I remember one large retailer telling me fines were only equivalent to 1% of the cost of achieving PCI compliance. It would appear lessons have not been learnt.