It’s been nearly a year since the European Union’s General Data Protection Regulation (GDPR
) became enforceable. In that span of time, news outlets have reported various stories largely concerning the regulation and its penalties scheme
. In January 2019, for instance, the world learned that France’s data protection regulator CNIL had fined Google 50 million euros for “lack of transparency, inadequate information and lack of valid consent regarding ads personalization,” as reported by BBC News
. Several months later, officials in the UK and Ireland told The Wall Street Journal
that they expected to announce large fines for other organizations beginning in the summer of 2019.Notwithstanding this coverage, the significance of GDPR’s one-year anniversary extends beyond regulatory fines and penalties. The European Data Protection Board (EDPB) confirmed as much in its first overview report
of the regulation. This publication sheds light on how the national supervisory authorities (SAs) of EEA (the European Union 28, Iceland, Norway and Liechtenstein) have worked together to consistently enforce the GDPR within its first year.Let’s take a moment now to examine the main findings of this report.Implementation at the National LevelThe EDPB report found that the SAs of EEA reported a total of 206,326 cases within the first year of GDPR’s implementation. All of these cases pertained to one of three subject matters. Close to half (94,622) dealt with complaints, ..