The UK’s Data Protection Authority, the Information Commissioner’s Office (ICO), has received 1,106 complaints since the EU’s far-reaching General Data Protection Regulation (GDPR) came into force on 25th May, according to a report by the International Association of Privacy Professionals (IAPP).
At this stage it’s unclear what legislation the complaints fall under i.e. they could relate to data offences from before 25th May but that have only recently been reported. In such instances, it’s likely they’d fall under The Data Protection Act 1998, not the GDPR or The Data Protection Act 2018.
The report from the IAPP also highlights the number of complaints filed to Data Protection Authorities across Europe.
The Irish Data Protection Commission has received 547 data breach notifications and 386 complaints since 25th May. 403 of the data breach notifications and 89 of the complaints are deemed to fall under the GDPR.
Meanwhile, France and the Czech Republic also rank prominently based on the number of complaints received and account for 426 and approximately 400 complaints respectively.
13 of 28 EU member states, including Germany, Italy, Poland and Spain, either did not have sufficient data on the number of complaints received to date, or didn’t respond in time to feature in the IAPP’s report.
Under the GDPR, organizations can be fined up to 4 percent of annual revenue or 20 million EUR, whichever is higher. The Regulation has been in force for over a month and has led to compliance costs of upwards of £15 million for FTSE 100 organizations.
Tech platforms Google and Facebook were two of the earliest targets for privacy campaigners and privacy activist Max Schems has filed lawsuits against both organizations that could see the tech giants fined upwards of $8 billion.