After one year of enforcement of the GDPR, businesses can learn much from how the provisions of the regulation have been applied and how organizations have been fined.
Enforcement of the General Data Protection Regulation (GDPR) went into effect May 25, 2018. In the approximate span of one year since that date, European data protection authorities confirm that almost 90,000 separate data breach notifications have been received. Note, that’s just the notifications received from organization’s attempting to comply with the GDPR. Those same data protection authorities report that during the same year almost 145,000 complaints and inquiries have been reported by concerned citizens.
While European data protection authorities are less forthcoming regarding the collection of fines levied under the GDPR, several third-party investigations suggest that at least 100 organizations have paid fines for failing to fully comply with the regulation. By analyzing the higher profile fines, business enterprises may be able to glean vital information regarding the future application of the GDPR to their organizations.