Eight months after the landmark rules came into effect, data released by the European Commission provides a glimpse into the law’s application
National data protection watchdogs in the European Union (EU) have received 95,180 complaints from citizens alleging the mishandling of personal data since the General Data Protection Regulation (GDPR) came into effect in May 2018, a joint statement by four senior European Commission officials reveals.
Overall, the officials praised the positive effects of the new privacy rules, noting that not only have EU citizens “become more conscious of the importance of data protection and of their rights”, but also that they are exercising these rights. Indeed, the statement highlights what it calls “the strongest and most modern data protection rules in the world, which are becoming a global standard”.
The complaints were mostly related to activities such as telemarketing, promotional e-mails, and video surveillance. The stats were prepared by the European Data Protection Board (EDPB), which oversees the GDPR’s application across the bloc.
#GDPR in numbers:
The total number of complaints made in Europe is now more than 95000. pic.twitter.com/CWkPU53AWN
— EU Justice (@EU_Justice) January 25, 2019
Meanwhile, organizations have submitted 41,502 notifications of data breaches to the relevant data protection authorities (DPAs) since May 25, 2018. The GDPR mandates that organizations report any such breach to their supervisory DPA within 72 hours after becoming aware of the incident.
In addition, the DPAs have launched 255 investigations into suspected violations of the GDPR. In three cases, penalties have already been imposed. Most importantly, the French data protection watchdog CNIL last week slapped a €50-million fine on Google for GDPR violations. The tech giant has since signaled its plan to appeal the decision.
As a reminder, a breach of the GDPR may entail a fine of either €20 million or worth up to 4 percent of a firm’s global revenue, whichever is greater.
Other than that, the EU’s executive arm noted that five EU member states – Bulgaria, the Czech Republic, Portugal, Slovenia and Greece – have yet to complete the process of adapting their national legislation to the GDPR’s requirements.
For a take on the GDPR’s effect on digital privacy worldwide, we invite you to read Chapter 3 of ESET’s latest Cybersecurity Trends report.