To coincide with the first anniversary of the General Data Protection Regulation (GDPR), the European Commission released the first results of a special Eurobarometer which reveals the thoughts of 27,000 respondents across the EU. The full Eurobarometer results will be release on 13 June 2019.

The infographic shows the awareness, compliance and enforcement of the GDPR.

Key figures are:

  • 67% of Europeans are aware of the GDPR.
  • 57% of Europeans know that there is a public authority in their country responsible for protecting their rights about personal data.
  • 144,367 complaints have been referred to the EC by supervisory authorities since May 2018.
  • Most complaints are made about telemarketing, promotional emails and CCTV.
  • 89,271 data breach notifications have been made.
  • Data protection authorities may impose fines of up to 4% of turnover – the highest fine to date was €50,000,000 imposed on Google by the French supervisory authority for lack of consent on advertisements.

Irish figures

In Ireland, the Data Protection Commission (DPC) has also released a statement to mark the first anniversary of the GDPR, setting out the following information on the impact of the GDPR in Ireland since 25 May 2018:

  • 6,624 complaints were received
  • 5,818 valid data security breaches were notified
  • Over 48,000 contacts were received through the DPC’s Information and Assessment Unit
  • 54 investigations were opened – 19 of these are cross-border investigations into multinational technology companies and their compliance with the GDPR
  • 1,206 Data Protection Officer notifications were received
  • Staffing numbers in the DPC increased from 85 at the end of 2017 to 137 in May 2019

Google under investigation

Separately, the DPC has commenced a statutory inquiry into Google Ireland Limited’s processing of personal data in the context of its online Ad Exchange. The purpose of the inquiry is to establish whether processing of personal data carried out at each stage of an advertising transaction complies with the GDPR. The GDPR principles of transparency and data minimisation, as well as Google’s retention practices, will also be examined.