The first overview on the implementation of the GDPR and the roles and means
of the national supervisory authorities has been published by the European Data Protection Board (EDPB)
Since 25 May 2018, 642 procedures have been initiated to identify the Lead Supervisory Authority (SA) and the Concerned SAs in cross-border cases. Out of the 642 procedures, 306 are closed and the Lead
Up to now, no dispute arose on the selection of the Lead SA.
The total number of cases reported by SAs from 31 EEA countries is 206.326. Three different
types of the cases can be distinguished, namely cases based on complaints, cases based on data breach notifications and other types of cases. The majority of the cases are related to complaints, notably 94.622 while 64.684 were initiated on the basis of data breach notification by the controller. 52 % of these cases have already been closed and 1 % of these cases challenged before national court.
SAs from 11 EEA countries have already imposed administrative fines according to Article 58.2 (i) GDPR. The total amount of the imposed fine is 55.955.871 EUR.
Nine months after the entry into application of the GDPR, the members of the EDPB are of
the opinion that the GDPR works quite well in practice making use of the new way of
cooperation including numerous daily exchanges. The One-Stop-Shop cases that have already
led to an outcome tested some of the core principles of the GDPR and were resolved
smoothly. So far, not a single cross-border case has been escalated to the EDPB level.
Despite the increase in the number of cases in the last months, the SAs reported that the
workload is manageable for the moment, in large part thanks to a thorough preparation
during the past two years by SAs, the Article 29 Working Party and by the Board.
I wish leadership on this side of pond can have an urgency on data protection. Where I am at, data privacy is not even a topic.
I have been refreshing and catching up my understanding on GDPR, as I am developing a course material on the subject.
Data have been so critical in modern day society and economy, the urgent needs for protection have yet to be fully recognized. Almost every other day we hear some major breaches on large amount of personal data, and yet people are still willingly dumping their private information on the Internet, through various open social media.
If you are preparing a GDPR course look at this event which has been recorded. It may help you.
I may provide you with the slides...
Yves Le Roux, (ISC)2 EMEA Advisory Council Co-Chair & Privacy Workgroup Lead
David Higgins, (ISC)2 EMEA Advisory Council GDPR
The GDPR workshop will provide insights from the EAC’s GDPR project, lessons learnt from member experience and take-aways for attendees to use in their organisations. Being held under the Chatham House Rule, it will give an opportunity for members to discuss confidentially their implementation strategies, projects, activities and share tools, techniques and hints and tips from their experience.
Three-hour interactive workshop which will include discussions, the implementation of strategies, projects, activities and share tools, techniques and hints and tips from their experience.
1.Gain insights and learn of the progress from the EAC’s GDPR project
2.Understand common concerns, consider unforeseen obstacles and the best practices that are emerging for dealing with them.
3.Receive guidance and access to a repository of materials to assist delegates with GDPR compliance
4.Forum to share experience in confidence, tools, techniques and hints and tips from lessons learnt to date