Data Protection Commission reflects on the first year of the GDPR

24th May 2019

Commissioner for Data Protection, Helen Dixon, today marked the first anniversary of the application of the General Data Protection Regulation (GDPR) by acknowledging the strong engagement across the board with the new law.

The GDPR, which applied from 25 May 2018, has marked the start of a new era in data protection standards in the EU and significantly strengthens the rights of individuals as well as increases the obligations on organisations in terms of how they collect and use personal data.

Commenting today, Ms Dixon stated: “The GDPR is a strong new platform from which we can all demand and drive higher standards of protection of our personal information. As the national supervisory authority, the Data Protection Commission (DPC) is firmly committed to its role in public enforcement of the new law, while also working hard to provide guidance to sectors as they seek to comply with the new requirements.

“The DPC is grateful for the positive and energetic engagement with the GDPR that we have seen from all quarters, particularly from consumers and concerned persons who have raised queries about the processing of their personal data with the office.”

The GDPR has given rise to a significant increase in contacts with the DPC over the past 12 months:

  • 6,624 complaints were received.
  • 5,818 valid data security breaches were notified.
  • Over 48,000 contacts were received through the DPC’s Information and Assessment Unit.
  • 54 investigations were opened – 35 of these are non cross-border investigations and 19 are cross-border investigations into multinational technology companies and their compliance with the GDPR.
  • 1,206 Data Protection Officer notifications were received.
  • Staffing numbers increased from 85 at the end of 2017 to 137 in May 2019.

Looking ahead to the next 12 months, the DPC will conclude investigations it has opened into a variety of organisations, including inquiries into certain internet platforms. This will provide welcome clarity on interpretation of key principles of the new law and showcase how the corrective and fining powers afforded to data protection authorities can be utilised.