Data Protection Commissioner: Helen Dixon is preparing verdicts on a number of GDPR investigations into tech multinationals here. Photo: Mark Condren

The number of data breaches in Ireland has been among the worst per capita in Europe in the last year and a half, second only to the Netherlands, a report claims.

DLA Piper's latest GDPR Data Breach Survey claims there were 6,716 data breaches reported in the past 20 months to the Irish Data Protection Commission (DPC) office.

And as Commissioner Helen Dixon gets ready with verdicts on a number of GDPR investigations into tech multinationals here, the DLA Piper report says regulators across Europe have imposed €102.5m in fines under GDPR.

France, Germany and Austria top the rankings for the total value of fines imposed with just over €51m, €24.5m and €18m respectively.

Ireland's Data Protection Commission office has 61 statutory enquiries under way, 21 of which are focused on tech multinational firms.

These include Facebook (8), Twitter (3), Apple (3), Whatsapp (2), Instagram (1), Google (1), Linkedin (1), Quantcast (1) and Verizon Media (1).

The first verdicts to be announced are expected to relate to Twitter and Whatsapp, according to DPC officials.

The GDPR allows for fines of up to 4pc of a company's annual turnover which, in the case of Facebook or Google, would be several billion euro.

However, Ms Dixon has sought to temper expectations of replicating the recent $5bn fine levied by the US Federal Trade Commission on Facebook for privacy violations.

"We're not really looking at $5bn or what the FTC has done," she recently told this newspaper.

The DLA Piper report warns the level of fines under GDPR to date may not be a reliable guide as to what may come.

"The total reported fines for the full 20-month period across all the countries surveyed is quite low given that supervisory authorities enjoy the power to fine up to 4pc of total worldwide annual turnover of the preceding financial year," it says.

"It would be unwise to assume that low and infrequent fines will be the norm going forward. Supervisory authorities across Europe have been staffing up their enforcement teams and getting to grips with the new regime.

"It takes time to build a robust case to justify higher fines. We expect to see more multi-million-euro fines in the coming year."

The firm has also warned of potential class-action suits to come. "There is also an increased risk of follow-on compensation claims, including group litigation which follow a regulatory finding of liability," its report says.

"Litigation funders have billions of euros available to fund claims and, where local civil procedure rules permit, are becoming increasingly active pursuing group litigation claims for large groups of affected individuals on the basis of alleged breaches of GDPR and data protection laws."

Irish Independent