The General Data Protection Regulation (“GDPR”) has flooded our inboxes and social media for the past year or so. In the eight months since coming into force, it has been mentioned 300,000 times in the media. In comparison, Mark Zuckerberg was mentioned 100,000 times. GDPR even surpassed Beyoncé and Kim Kardashian in Google searches on the 25th May 2018 – the day when the GDPR came into force.
The European Data Protection Board (the “EDPB”) has published an infographic depicting the figures when it comes to compliance, enforcement and awareness of the GDPR. The EDPB is composed of representatives of the national data protection authorities, including Malta’s Office of the Information and Data Protection Commissioner (“IDPC”).
Here is a summary of the main findings of the EDPB, from May 2018 to January 2019:
The number of complaints received by all the Data Protection Authorities (“DPAs”) in Europe. The most common type of complaints related to telemarketing, promotional e-mails and CCTV surveillance.
The number of data breach notifications reported to the DPAs. Companies are obliged to notify their respective DPA within 72 hours after discovering a data breach which could include the accidental or unlawful loss or disclosure of personal data.
The total amount of cross-border cases initiated by DPAs ex officio and on the basis of individual complaints. Cross-border cases are on the rise due to companies offering services throughout Europe.
The amount of Member States that adopted the GDPR into their national law, even though European Regulations are directly applicable in all EU states. Bulgaria, Greece, Slovenia, Portugal and the Czech Republic are still in the process of doing so.
The number of fines issued by DPAs in Europe. A social network operator was fined €20,000 by the German DPA for failing to safeguard its users’ data. A sports betting café was fined €5,280 by the Austrian DPA for unlawful video surveillance. Google was fined €50,000,000 by the French DPA for lack of consent for personalised Ads.