New cases of breaches of personal data security increased by 8.2% in 2023, a new report from Datatilsynet, the Danish Data Protection Authority, shows.
During the year, Datatilsynet received 9,537 cases of possible personal data security breaches, more than half of its total cases. The number of personal data breaches reported in 2022 was 8,816.
Before GDPR was established, the authority estimated it received about 4,000 cases of breaches of personal data security a year. Since 2020, the amount has more than doubled.
During 2023, Datatilsynet also implemented and launched a new guide to provide quick and practical help for organizations that are dealing with data breaches.
Cases of breaches of personal data security according to the Law Enforcement Act – which are included under the section ‘Competence according to other legislation’ – have also increased during the years. In 2023, the cases went up 7.9%, with a total of 708 cases, compared to 656 in 2022.
Record in new cases
The report also revealed the highest total number of newly created cases to date with 18,062 in 2023, an increase of almost 7% compared to 16,896 cases in 2022.
Besides the subjects of breaches of personal data security, the total also included cases on:
- administration etc;
- hearings on legislative proposals etc;
- inquiries;
- complaints;
- supervision;
- international affairs;
- competence according to other legislation; and
- permits etc.
Cases involving international affairs have also increased, especially since EU GDPR began to apply in May 2018. For 2023, cases were up 4.2%, with 974 inquiries in total.
Whistleblower scheme
During 2023, the authority also carried out an information campaign to increase awareness of the whistleblower scheme which it started just over two years ago.
In total, 149 reports were sent in, up 28% from 2022, covering the mental and psychological working environment, harassment, financial fraud and surveillance.
Of all the reports, 147 were processed, and Datatilsynet found grounds in 48 (33%) to take further action with relevant authorities, including two cases that were handed to the police.
“[Whistleblowers] who for one reason or another do not want to use their workplace’s internal arrangements, (now) have somewhere to go – and therefore it is important to us that they know we exist and are ready to talk to them,” said Karina Kok Sanderhoff, head of the National Whistleblower Scheme.