
First 12 Months a Mixed Bag for GDPR Impact

The first 12 months of the GDPR have seen mixed results, according to European watchdogs.

While the new regulations have been a success in providing a unified framework for data breach notification, this impact has not been matched in imposing fines on companies that mishandle or fail to adequately protect their customers’ personal data.

At a conference in London hosted by the International Association of Privacy Professionals, Stephen Eckersley of the UK Information Commissioner’s Office (ICO) said there had been a “massive increase” in reports of data breaches.

A total of 206,326 cases had been reported across the 31 EU countries in the first nine months of the new regulations, according to a report in February by the European Data Protection Board. Around 65,000 of these were notified to the relevant authority by the data controller and approximately 95,000 were complaints.

Mr Eckersley suggested organisations were reporting breaches on a “just in case” basis. As a result of the surge in notifications, the ICO has established a team dedicated to handling queries from data controllers unsure as to whether they need to make a formal notification.

Eckersley also estimated that there will be around 36,000 breaches reported in 2019, a significant increase from the previous annual reporting rate of between 18,000 and 20,000 breaches.

Since the new regulations took effect, European data protection agencies have issued fines of over €56 million for GDPR breaches. However, €50 million of this was issued to Google by the French data regulator, CNIL, for its “massive and highly intrusive” data security breach.

Mr Eckersley noted that in the UK, fines had been issued to Uber, Facebook and Equifax but that the past year had been mostly focused on legacy investigations.

This message was echoed by European watchdogs, who said the first 12 months of the GDPR “should be considered a transition year” and that they are just “getting started” in issuing fines for GDPR violations.

Mr Eckersley revealed at the conference that the ICO had, in collaboration with counterparts in the Netherlands and Norway, established a matrix for agencies to calculate fines, although this would not be publicly available.
