On January 25, 2019, the European Commission (the “Commission”) issued an infographic on compliance with and enforcement and awareness of the EU General Data Protection Regulation (“GDPR”) since the GDPR took force on May 25, 2018. The infographic revealed that:

  • 95,180 complaints have been lodged with EU national data protection authorities (“DPAs”) under the GDPR. Most complaints were related to the use of CCTV cameras and direct marketing activities (telemarketing and promotional e-mails).
  • 41,502 data breaches have been notified to the DPAs.
  • The DPAs have initiated 255 investigations in the context of EU cross-border processing activities, most of them following individual complaints.
  • Three fines have been issued under the GDPR so far. On September 12, 2018, the Austrian DPA imposed a €5,280 fine on a sport betting café for unlawful video surveillance. On November 21, 2018, the German DPA of Baden-Württemberg imposed a €20,000 fine on a social network operator for failing to protect users’ personal data. On January 21, 2019, the French DPA imposed a €50 million fine on Google for alleged GDPR violations of the transparency, notice and consent requirements.
  • 23 EU Member States have now adapted their national legislation to the GDPR. Five Member States (Bulgaria, Greece, Slovenia, Portugal and Czech Republic) are still in the process of implementing the GDPR.