Since May 25, 2018, 206,326(!) GDPR cases have been reported by Supervisory Authorities (SAs) from 31 European Economic Area (EEA) countries.

Of those, 94,622 were initiated by individual complaints and 64,684 due to data breach notification by the controller. 52 percent of these cases have already been closed and 1 percent challenged before national court.

The European Data Protection Board (EDPB) has issued the “First overview on the implementation of the GDPR and the roles and means of the national supervisory authorities.” Here are some more numbers:

  • SAs from 11 EEA countries have already imposed administrative fines according to Article 58.2 (i) GDPR. The total amount of the fines imposed is €55,955,871.
  • 30 different EEA SAs have registered 281 cases with a cross-border component. Of these, 194 derived from complaints by individuals.
  • The three main topics of the cases are related to:
    • the exercise of data subjects’ rights
    • consumer rights
    • data breaches
  • 45 One-Stop-Shop procedures were initiated by SAs from 14 different EEA countries, but this number is increasing steadily
  • 444 mutual assistance requests have been triggered by SAs to other SAs from 18 different EEA countries

Read the full report.