The European Commission has published an infographic on compliance with and enforcement of the GDPR since from May 2018 to January 2019. The infographic reveals some interesting statistics, including:

  • 95,180 complaints have been made to EU national data protection authorities (DPAs) by individuals who believe their rights under the GDPR have been violated. The majority of these complaints concerned telemarketing, promotional emails, and video surveillance/CCTV.

  • An increase in breach notifications to EU DPAs to comply with the 72 hour GDPR breach notification deadline – 41,502 data breaches have been notified to EU DPAs.
  • The EU DPAs have initiated 255 cross-border investigations, following individuals’ complaints and on their own initiative.
  • Three fines have been issued by EU DPAs under the GDPR – Germany imposed a €20,000 fine on a social network operator for failing to protect users’ personal data. Austria imposed a €5,280 fine on a sport betting café for unlawful video surveillance. France imposed a €50 million fine on Google for alleged lack of consent to personalised ads.
  • 23 EU Member States have adapted their national legislation to ensure compliance with the GDPR. Five Member States are still in the process of doing so, including Bulgaria, Greece, Slovenia, Portugal and the Czech Republic.

At a conference at Brussels last week, the Irish DPC confirmed that it had initiated a number of statutory investigations into tech companies with their headquarters in Ireland. Ms Dixon indicated the investigations were mostly at an advanced stage, but that it would likely be June or July before she received an investigation report from her authorised officers, and is in a position to make a final decision on sanctions in the case of an infringement.