The European Commission this week published an infographic entitled 'GDPR in numbers' which includes findings and statistics tracked from May 2018 to January 2019 concerning compliance, enforcement and awareness of the new rules. The infographic charts the increase in awareness of the GDPR noting "during the peak month of May 2018 GDPR was searched more often on Google than American superstars Beyoncé and Kim Kardashian."
95,180 complaints were lodged with the EU Data Protection Authorities ("DPAs") with the most common type of complaint more generally relating to telemarketing, promotional e-mails and video surveillance.
41,502 data breach notifications were lodged. The Irish DPA, the Data Protection Commission ("DPC"), noted that in the first two months since the implementation of the GDPR it had received 1,184 data breach notifications, more than doubling the average monthly notifications of 230 received each month in 2017. 255 cross-border cases have been initiated by the EU DPAs.
The infographic outlines fines issued by the:
- German DPA on a social network which failed to secure users' data – €20,000;
- Austrian DPA on a sports betting café for unlawful video surveillance – €5,280; and
- French DPA on Google for lack of consent on ads – €50,000,000 (see our article here).
Interestingly, reference to the fines imposed by the Portuguese DPA on the Barreiro Hospital is omitted. Two fines were imposed on the Hospital: one for a failure to respect patient confidentiality and to limit access to patient data (€300,000) and the other for the Hospital's inability to ensure data security and data integrity (€100,000).
Lastly, five countries are yet to adopt the required national legislation to ensure compliance with the GDPR, those being Bulgaria, Greece, Slovenia, Portugal and the Czech Republic.
We are awaiting comprehensive annual statistics from the DPC regarding the number of breaches and complaints post 25 May 2018 and it will be interesting to see how the awareness of GDPR compares in Ireland to our EU counterparts. More importantly, the first fine to be imposed by the DPC is hotly anticipated given the influence the DPC holds in the EU.