As of tomorrow 25 May 2019, the General Data Protection Regulation (GDPR) will have been in force for exactly one year, so let’s have a look at what has happened this year. The GDPR still manages to make it almost daily to the headlines, so the adoption of the GDPR was definitely a watershed moment in the way privacy is appreciated and valued.
To start with, here’s just a few statistics to underline the impact the GDPR has had so far that the European Data Protection Board (EDPB, the EU body that coordinates the work of national privacy regulators) has published: More than 2/3 of all European citizens are aware of the GDPR according to the last Eurobarometer. They are not only aware of the law, but also exercising their rights under the GDPR which has resulted in 144,376 complaints. Organisations are also aware of their duties and up to 89,271 data breach notifications were filed with authorities under the new data breach notification laws.
A lot attention in the build-up to the GDPR has been given to the fines, which could be as high as 4% of the organization’s total global turnover. However, up until now the authorities have been holding back on fining companies, and when they do, the amount of the fine has seemingly been moderate. Apart from the massive €50 million fine awarded to Google, a total amount of circa €6 million has been handed down by the regulators.
This doesn’t seem like much, but regulators have been consistent in stating that this first year is a year of adapting to the new reality. Their attention has gone into educating the public and clarifying the law.
Furthermore, more than 450 large, cross-border cases are being investigated by the EDPB, which are, by their nature, resource intensive: The Supervisory Authorities need to carry out investigations, observe procedural rules, coordinate, and share information with other supervisory authorities.
Looking back on the first 12 months of the EDPB’s work, Andrea Jelinek, Chair of the EDPB, comments:
It has been a challenging first year, but we have reached the goals that we set out to achieve, and we intend to keep up both the work and the pace. (…) We will also see several cross-border cases carried out by SAs leading to a final outcome in the coming months.
It has been a challenging first year, but we have reached the goals that we set out to achieve, and we intend to keep up both the work and the pace. (…) We will also see several cross-border cases carried out by SAs leading to a final outcome in the coming months.
So be prepared to see more major cases making the news in the next few weeks and months. We will continue to keep a close eye on these cases, and we will publish regular updates on how the interpretation of the Regulation evolves. Through our ESOMAR Plus programme we can help you prepare your consent forms so you can avoid getting caught in these breath-taking fines. Just drop us an email or file a request for proposal. You can learn more on our website: https://www.esomar.org/esomar-plus