1) One year after the GDPR went into effect, most organizations were still not compliant. Only 45% of IT executives claimed their organizations consistently applied encryption strategies. 2) There has been a two-fold increase in the number of annually reported data breach notifications since GDPR and 91 GDPR-related fines have been given in the first 8 months. 3) The largest GDPR fine to date was €50 million imposed on Google and 18 investigations are underway by Ireland's data protection regulator for many tech companies.

1. A Look Back at the First
Year of GDPR
The race to compliance has started,
but most haven’t shifted into gear
May 25, 2018
GDPR goes into effect
of organizations were
not compliant as of
December 20181
were still not
compliant as of
March 20192
Only 45%
of IT executives claim
their organizations apply
an encryption strategy
consistently across the
organization,
up a meager 2% from
the previous year3
71%
62%
2x
Increase in
number of
annually reported
data breach
notifications
since GDPR4
91
GDPR-related
fines given
in the first 8
months5
€400,000
The first GDPR fine6
€20
million
Maximum fine for
small businesses7
€50
million
Largest fine
imposed to date8
18
investigations
underway by
Ireland, lead GDPR
regulator for many
tech companies9
25 of 28
official EU government
websites may not be
GDPR compliant10
Are you GDPR compliant yet?
Find out how Synopsys can help you get there.
Learn more
©2019 Synopsys, Inc. All rights reserved. Synopsys is a trademark of Synopsys, Inc. in the United States and other countries. A list of Synopsys trademarks is
available at www.synopsys.com/copyright.html . All other names mentioned herein are trademarks or registered trademarks of their respective owners.
05/14/19.GDPR-FirstYearHighlights.
The Synopsys difference
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys,
a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that
enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a
combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and
throughout the software development life cycle.
For more information, go to www.synopsys.com/software.
Synopsys, Inc.
185 Berry Street, Suite 6500
San Francisco, CA 94107 USA
U.S. Sales: 800.873.8193
International Sales: +1 415.321.5237
Email: sig-info@synopsys.com
LAP ONE COMPLETE
References
1. Kacy Zurkus, GDPR Implementation Slow but Improving, Infosecurity Magazine, Dec. 7, 2018.
2. Forrester Research, Security Through Simplicity, Dec. 2018.
3. Ponemon Institute, 2019 Global Encryption Trends Study, 2019.
4. Josephine Wolff, How Is the GDPR Doing?, Slate, March 20, 2019.
5. DLA Piper, DLA Piper GDPR Data Breach Survey: February 2019, Feb. 6, 2019.
6. Cuatrecasas, Hospital do Barreiro Fined by Comissão Nacional de Protecção de Dados in 400,000 Euro for Allowing Improper Access to
Clinical Files, Oct. 30, 2018.
7. European Parliament, General Data Protection Regulation, Art. 83(5)–(6), April 27, 2016.
8. Commission Nationale de l’Informatique et des Libertés, The CNIL’s Restricted Committee Imposes a Financial Penalty of 50 Million Euros
Against GOOGLE LLC, Jan. 21, 2019.
9. U.S. Senate Committee on Commerce, Science, and Transportation, Statement of Helen Dixon, Commissioner, Data Protection, Com-
mission of Ireland, Hearing on “Consumer Perspectives: Policy Principles for a Federal Data Privacy Framework”, May 1, 2019.
10. Charlie Osborne, EU Government Websites Infested With Third-Party Adtech Scripts, March 19, 2019.