How has GDPR enforcement played out in the past year?

The Dutch Data Protection Authority (Autoriteitpersoonsgegevens, or AP) recently published a report on its 2018 activities.

The report highlights the growth of GDPR enforcement actions:

  • 27,000 people contacted the AP by telephone about the Privacy Act (2017: 9,500).
  • AP received more than 11,000 complaints.
  • AP

Since May 25, 2018, 206,326(!) GDPR cases have been reported by Supervisory Authorities (SAs) from 31 European Economic Area (EEA) countries.

Of those, 94,622 were initiated by individual complaints and 64,684 due to data breach notification by the controller. 52 percent of these cases have already been closed and 1 percent challenged before national court.

Now serving complaint #6241…

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) has published guidelines on how it will prioritize the handling of complaints filed with it under the EU General Data Protection Regulation (GDPR).

Criteria include:

  1. How harmful is the alleged violation for the individual(s)? This depends on nature of data and nature of the