Data Privacy Day is an international event that is commemorated every year on 28 January and represents an opportunity to think about our privacy, internet security, the way companies process personal information of their customers and to measures we can take to safeguard our personal information.

While Data Privacy Day is celebrated worldwide (mostly USA and Canada), Data Protection Day is celebrated in Europe. However, they both have the same goal in mind.

We wanted to celebrate Data Privacy Day 2020 (or Data Protection Day, whichever you prefer) with a throwback on data privacy progress and awareness so far!

100 Data Privacy and Data Security statistics for 2020

1. Influence of the GDPR on Privacy Professions

“GDPR has been a massive driver of growth in the privacy and data protection profession not only in the EU, but also in the United States and around the globe.” IAPP-EY Annual Governance Report 2019

2. Number of DPOs registered across Europe

“New IAPP research indicates that an estimated 500,000 organizations have registered data protection officers across Europe under the GDPR.”  IAPP-EY Annual Governance Report 2019

3. Did companies increase their GDPR readiness?

Does a company have a DPO responsible for overseeing the data protection strategy? IAPP-EY Annual Governance Report 2019

4. Number of reported personal data breaches

“From 25 May 2018 to 27 January 2020 there have been a total of 160,921 personal data breaches notified by organizations to data protection supervisory authorities within the EEA.” DLA Piper GDPR Data Breach Survey 2020

100 Data Privacy and Data Security statistics for 2020

5. Number of breach notifications per day

“For the period from 25 May 2018 to 27 January 2019, there were on average 247 breach notifications per day. For the period from 28 January 2019 to 27 January 2020, there were on average 278 breach notifications per day (a 12.6% increase), so the current trend for breach notifications is upwards.” DLA Piper GDPR Data Breach Survey 2020

6. EU countries with most data breaches

“The Netherlands, Germany and the UK had the most data breaches notified for the 20 months from 25 May 2018 to 27 January 2020, with 40,647, 37,636 and 22,181 respectively. The Netherlands, Germany and the UK also topped the table for the total number of breach notifications in last year’s report.” DLA Piper GDPR Data Breach Survey 2020

7. EU countries with fewest data breaches

The countries with the fewest breaches notified for the full 20 month period were Latvia, Cyprus and Liechtenstein with around 173, 94 and 30 respectively. Last year, Cyprus, Iceland and Liechtenstein came bottom of the table. DLA Piper GDPR Data Breach Survey 2020

8.  EU countries whos citizens heard about the GDPR

“The majority of respondents in all but two countries have at least heard of the GDPR, although proportions range from 90% in Sweden, 87% in the Netherlands and 86% in Poland to 53% in Belgium, and 58% in Cyprus and Estonia. The exceptions are France (44%) and Italy (49%). There are six countries where at least half of all respondents have heard of GDPR and know what it is: Sweden (63%), the Netherlands (60%), Poland (56%), Denmark (51%), Ireland and Czechia (both 50%). ” Special Eurobarometer 487a Report

9. General awareness of the GDPR

“More than two-thirds of Europeans have heard of GDPR.[…] The majority (67%) of respondents have heard of GDPR: 36% have heard of it and know what it is, and 31% have heard of it but don’t know exactly what it is.” Special Eurobarometer 487a Report

10.  Data Protection authority awareness in the EU

“Almost six in ten (57%) say they have heard about the existence of a public authority in their country responsible for protecting their rights regarding their personal data13. One in five have heard of this and know which public authority is responsible, while 37% have heard of it but don’t know which authority is responsible. Just over four in ten (41%) have not heard of such an authority. Awareness of the public authority in their country responsible for protecting their rights regarding their personal data has increased considerably since 2015.” Special Eurobarometer 487a Report

11. GDPR rights awareness

Overall almost three quarters (73%) have heard of at least one right guaranteed by GDPR. Three in ten respondents (31%) have heard of all the rights asked about in the survey, while just over one quarter (27%) have not heard of any of them.

12. Exercise of GDPR granted rights

“In most cases, more than one in ten respondents have already exercised these rights. Almost one quarter (24%) have exercised their right to object to receiving direct marketing. Almost one in five (18%) have exercised their right to access their data, while 16% have exercised their right to correct their data if it is wrong. Just over one in ten (13%) have exercised their right to have their data deleted and to be forgotten, and the same proportion (13%) have exercised their right to move data from one provider to another. Finally, 8% have exercised their right to have a say when decisions are automated.” Special Eurobarometer 487a Report

13. Right to be forgotten and right to delete data

“In 24 countries, at least half of all respondents have heard of the right to have their data deleted and forgotten, with those in the Netherlands (77%), Austria (72%) and Germany (69%) the most likely to have done so. At the other end of the scale, 44% in Bulgaria, 46% in Spain, 47% in Malta and 48% in France have also heard of this right. There are only three countries where at least one in five respondents have exercised the right to have their data deleted and forgotten: Estonia (25%), the Netherlands and the United Kingdom (both 20%). This compares to 7% in Czechia and 8% in Spain and Greece.” Special Eurobarometer 487a Report

14. GDPR rights awareness according to gender

“Men are more likely to be aware of each of these rights, compared to women, and this is particularly the case for the right to have data deleted and forgotten (61% vs 55%) and the right to have a say when decisions are automated (43% vs 38%).” Special Eurobarometer 487a Report

15. GDPR rights awareness according to age

“Respondents aged 15-54 are more likely than those aged 55 or older to be aware of each of these rights. For example, more than 70% of those aged 15-54 are aware of their right to access their data, compared to 52% of those aged 55 or older. Amongst those under 55, those aged 25-39 are generally the most likely to be aware of each right provided by GDPR.”Special Eurobarometer 487a Report

16. GDPR rights awareness according to occupation

“Managers are more likely to be aware of each of these rights than other occupation groups. The longer a respondent remained in education, the more likely they are to be aware of each of these rights. For example, 49% of those who completed education aged 20 or older are aware of their right to have a say when decisions are automated, compared to 22% who completed education aged 15 or younger. “Special Eurobarometer 487a Report

17. The total value of GDPR fines

“The total (reported) fines for the full 20 month period across all countries surveyed was just over €114 million (about US$126 million/ £97 million) which is quite low given that supervisory authorities enjoy the power to fine up to 4% of total worldwide annual turnover of the preceding financial year. France, Germany and Austria top the table for the total value of GDPR fines imposed to date with €51 million, €24.5 million and €18 million respectively.” DLA Piper GDPR Data Breach Survey 2020

statistics showing total of gdpr fines issued in 2020

18. Biggest fines issued so far

And last, but not least, you can read more about the biggest GDPR fines issued so far. Enjoy!

statistics showing 5 biggest gdpr fines

Data Privacy Manager team wishes you Happy Data Privacy Day!

Get 14-days Free Data Privacy Manager Trialor continue reading our statistics 100 Data Privacy and Data Security statistics for 2020