In time for the anniversary of the General Data Protection Regulation (GDPR) on May 25th, the European Commission have released an announcement detailing how far the regulation has come.
Overall, the European Commission is pleased with the progress of GDPR, although they recognise that there is still work to do, as not all member states are following the regulation.
The announcement highlights the following:
The GDPR has met the European Commission’s aims to expand the awareness of the general public about their digital rights, with 67% of Europeans having heard of the regulation (an increase on the 4 in 10 being aware in 2015). This is backed up by the fact that data protection authorities across Europe have received over 144,000 inquiries or complaints about GDPR-related topics.
GDPR is already influencing other countries to implement their own regulations, including Chile, Japan, Brazil, South Korea, Argentina and Kenya. There have even been calls for a US equivalent from Microsoft.
Businesses are also taking their responsibilities under the GDPR seriously with over 89,000 breach notifications being submitted to data protection authorities within the required 72 hours.
Of the complaints raised by individuals, the most reported issues concerned telemarketing, promotional e-mails and video surveillance/CCTV.
The announcement also detailed how successful their efforts have been in bringing businesses who breach the regulation to account. There have been over 400 cases registered with the European Data Protection Board across Europe. Almost a third of these cases were initiated by data protection authorities, whereas the remaining 60% were via complaints from individuals.
A number of fines have already been issued to companies who have failed to follow the regulation. Some of these fines include a sports cafe in Austria who were fined €5,280 for unlawful video surveillance, a German social network operator who were fined €20,000 for failing to secure their users’ data, and a lands authority in Malta were fined €5,000 for failing to ensure the necessary security was in place.
* Statistics in this article are taken from the GDPR infographic released alongside the European Commission’s announcement.