1 year GDPR – taking stock

22 May 2019

Brussels, 22 May - Just a few days short of the GDPR’s first anniversary, the European Data Protection Board surveyed the Supervisory Authorities (SAs) of the EEA and takes stock of the Board’s achievements.

From the very first day of application, the first cross-border cases were logged in the EDPB’s IMI case register, leading to a current total of 446 cross-border. 205 of these have led to One-Stop-Shop (OSS) procedures. So far, there have been 19 final OSS outcomes.

    

{as Default}

Number of procedures initiated by SAs from 21 EEA countries
Germany: Number of procedures initiated by SAs from 7 Regional SAs

    

At a national level, most Supervisory Authorities (SAs) report an increase in queries and complaints received compared to 2017. Over 144.000 queries and complaints* and over 89.000 data breaches have been logged by the EEA Supervisory Authorities. 63% of these have been closed and 37% are ongoing.

Image removed.

Based on information provided by SAs from 27 EEA countries
Germany: Based on information provided by The Federal and 17 Regional SAs

{as Default}

Based on information provided by SAs from 27 EEA countries (Case status information provided for 164633 cases)
Germany: Based on information provided by The Federal and 11 Regional SAs

    

The increase in queries and complaints confirms the perceived rise in awareness about data protection rights among individuals, as shown in the Eurobarometer of March 2019. 67% of EU citizens polled indicated that they have heard of the GDPR, 36% of them indicated that they are well aware of what the GDPR entails. In addition, 57% of EU citizens polled indicated that they are aware of the existence of a public authority in their country responsible for protecting their data protection rights. This result shows an increase of 20 percentage points compared to 2015 Eurobarometer results**.

The EEA SAs have reported that, while the cooperation procedures are robust and efficient works, they are time and resource intensive: SAs need to carry out investigations, observe procedural rules, coordinate and share information with other supervisory authorities.

Looking back on the first 12 months of the EDPB’s work, Andrea Jelinek, Chair of the EDPB, comments:

It has been a challenging first year, but we have reached the goals that we set out to achieve, and we intend to keep up both the work and the pace. Earlier this year, the EDPB adopted its work program for 2019 and 2020. We will also see several cross-border cases carried out by SAs leading to a final outcome in the coming months. Last but not least, we want to continue to listen to and to work together with the people who can give us the best insights into the day-to-day practice of data processing. An ambitious programme, but I am certain that we, as European data protection authorities will find more and more synergies, which will increase our effectiveness.

   

*At the time of the survey, the notion of complaint had not yet been analysed by the EDPB. Up to then, the interpretation of the notion was done by the national supervisory authorities, which may have an impact on the statistics.

**Source European Commission.