EU expects first GDPR fines to be levied before year-end

These could potentially include the UK's ICO investigation into Ticketmaster


European data protection regulators will soon start issuing the first fines and temporary bans against companies found to have breached the General Data Protection Regulation (GDPR), with the first round of sanctions expected by the end of the year.

That's according to the European Data Protection Supervisor Giovanni Buttarelli, who told Reuters that the various enforcement agencies across each member state have been overwhelmed by a spate of complaints.

"I expect first GDPR fines for some cases by the end of the year," said Buttarelli, in an interview with Reuters. "Not necessarily fines but also decisions to admonish the controllers, to impose a preliminary ban, a temporary ban or to give them an ultimatum."

"The fine is relevant for the company and important for the public opinion, for consumer trust," he added. "But from an administrative viewpoint, this is just one element of the global enforcement."

He added that France alone had seen a 53% increase in the number of complaints against companies, and that queries clarifying various points of the new regulations had also surged across the bloc.

GDPR came into force across Europe on 25 May, including in the UK, representing the biggest shake-up to data protection policies since the introduction of the EU Data Protection Directive in 1995.

Being found in breach of these new rules brings a maximum fine of €20 million, or 4% of global revenue, whichever is higher.

Although enforcement of data protection policies is handled by independent national agencies within each member state, as the EU's Data Protection Supervisor, part of Buttarelli's brief is to coordinate the actions of these agencies.

He believes that those likely to be sanctioned will include companies headquartered across many EU countries, and a number of public bodies, although he refused to elaborate given that these investigations are still ongoing.

The UK's own data protection agency, the Information Commissioner's Office (ICO), is believed to have a number of ongoing investigations that have yet to result in a sanction, including one into Ticketmaster, which suffered a breach of its systems in late June. It also recently revealed that it was receiving over 500 calls per week, many of which were data incidents that failed to meet the reporting threshold.

As part of the interview, Buttarelli also urged companies to cooperate on the EU's overhauling of the e-privacy directive, a policy designed to extend the scope of telecoms rules to cover technology firms.

The e-privacy directive is designed to work alongside GDPR, governing the handling of communications up until the moment when the data subject assumes control, at which point GDPR applies. The directive aims to level the playing field for traditional telecoms companies, which are currently subject to far tougher regulations than their internet counterparts, such as Skype and WhatsApp.

However, Buttarelli believes that companies have been dragging their feet over the rules, particularly as the directive was expected to be ready in time for the introduction of GDPR in May.

"E-privacy is simply indispensable. It is essential, it is a missing piece in the jigsaw of data protection and privacy. It would be really a dereliction of duty if the EU cannot update soon before the elections its rules on confidentiality of communication," added Buttarelli, referring to the European Parliament elections to be held in May 2019.
