The EU General Data Protection Regulation (GDPR) did NOT make all processing of personal data unlawful, though it seems than many think this, says Michael Kaiser, data protection officer at the Hesse Data Protection Authority in Germany.

Per Kaiser, said the DPA has been inundated with complaints and breach notifications — up 1,200 percent since the GDPR went into effect.

The Irish Data Protection Commissioner has a similar experience.

The DPC had 2,795 breach reports come through its portal in 2017.

Since the GDPR went into effect not even one year ago, the number of reported breaches is at 4,136.

Per Cathal Ryan, assistant commissioner at the DPC, the mantra companies seem to be ascribing to: “When in doubt, report it,” might not be the best approach anymore. Companies may need to instead look a little more closely at whether the breach is a reportable one under the letter of the law.

Details from the International Association of Privacy Professionals.