GDPR one year on: Large fines expected soon

Speaking at PL&B’s Ireland conference in Dublin on 9 May, Helen Dixon, Ireland’s Data Protection Commissioner, said that she will circulate draft decisions to her EU colleagues this summer. There is a procedure to follow, and that takes time, she said. At the same event, UK ICO’s Head of Regions, Ken Macdonald said that a large fine in the United Kingdom is just a few weeks away.

The European Data Protection Board (EDPB) reports that during the first year of the GDPR, a total of 446 cross-border cases were logged in its cross-border case register, and 205 of these cases have led to One-Stop-Shop (OSS) procedures.

The national DPAs have received 144,000 queries and complaints, and over 89,000 data breaches have been logged. 63% of these cases have been closed and 37% are ongoing.

The DPA co-ordination body, the European Data Protection Board, decided at its 14-15 May meeting to designate representatives for the third annual review of the EU-US Privacy Shield. Austria, Bulgaria, France, Germany, Hungary and the European Data Protection Supervisor will represent the Board during the review.

The Board elected Aleid Wolfsen, Chairman of the Dutch Supervisory Authority, as new Deputy Chair, replacing Willem Debeuckelaere, former Chair of Belgium’s Data Protection Commission.

Wolfsen said: “In the years to come, it is our responsibility as Board to deliver authoritative guidance and sound advice. I will make it my responsibility as Deputy Chair that we take on board all opinions, and ultimately speak with one voice.”

The Board also adopted opinions on the draft lists from Spain and Iceland regarding the processing operations subject to Data Protection Impact Assessments.

The next plenary session will take place 4-5 June 2019. See the EDPB website.

EDPB Chair, Andrea Jelinek, will speak at Privacy Laws & Business’s 32nd Annual International Conference in Cambridge, UK, on 1 July.