EU expects first GDPR fines to be levied before year-end

These could potentially include UK's ICO investigation into Ticketmaster

EU flag flying

European data protection regulators will soon start issuing the first fines and temporary bans against companies found to have breached the General Data Protection Regulations (GDPR), with the first round of sanctions expected by the end of the year.

That's according to the European Data Protection Supervisor Giovanni Buttarelli, who told Reuters that the various enforcement agencies across each member state have been overwhelmed by a spate of complaints.

"I expect first GDPR fines for some cases by the end of the year," said Buttarelli, in an interview to Reuters. "Not necessarily fines but also decisions to admonish the controllers, to impose a preliminary ban, a temporary ban or to give them an ultimatum."

"The fine is relevant for the company and important for the public opinion, for consumer trust," he added. "But from an administrative viewpoint, this is just one element of the global enforcement."

He added that France alone had seen a 53% increase in the number of complaints against companies, and that queries clarifying various points of the new regulations had also surged across the bloc.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

GDPR came into force across Europe on 25 May, including in the UK, representing the biggest shake-up to data protection policies since the introduction of the EU Data Protection Directive in 1995.

Being found in breach of these new rules brings a maximum fine of 20 million, or 4% of global revenue, whichever is higher.

Although enforcement of data protection policies is handled by independent national agencies within each member state, as the EU's Data Protection Supervisor, part of Buttarelli's brief is to coordinate the actions of these agencies.

He believes that those likely to be sanctioned will include companies headquartered across many EU countries, and a number of public bodies, although he refused to elaborate given that these investigations are still ongoing.

The UK's own data protection agency, the Information Commissioner's Office (ICO), is believed to have a number of ongoing investigations that have yet to materialise a sanction, including Ticketmaster, which suffered a breach on its systems in late June. It also recently revealed that it was receiving over 500 calls per week, many of which were data incidents that failed to meet the reporting threshold.

Advertisement - Article continues below

As part of the interview, Buttarelli also urged companies to cooperate on the EU's overhauling of the e-privacy directive, a policy designed to extend the scope of telecoms rules to cover technology firms.

The e-privacy directive is designed to work alongside GDPR, governing the handling of communications up until the moment where the data subject assumes control, at which point GDPR applies. The directive aims to level the playing field for traditional telecoms companies, who are currently subject to far tougher regulations compared to their internet counterparts, such as Skype and WhatsApp.

However, Buttarelli believes that companies have been dragging their feet over the rules, particularly as the directive was expected to be ready in time for the introduction of GDPR in May.

"E-privacy is simply indispensable. It is essential, it is a missing piece in the jigsaw of data protection and privacy. It would be really a dereliction of duty if the EU cannot update soon before the elections its rules on confidentiality of communication," added Buttarelli, referring to the European Parliament elections to be held in May 2019.

  • privacy
  • General Data Protection Regulation (GDPR)
Featured Resources

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

6 ways your business could suffer if you don’t backup Office 365

Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for good

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now

8 digital best practices for IT professionals

Don't leave anything to chance when going digital

Download now
Advertisement

Most Popular

Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020
Visit/network-internet/domain-name-system-dns/354861/firefox-activates-dns-over-https-for-us-users-by
Domain Name System (DNS)

Firefox activates DNS over HTTPS for US users by default

26 Feb 2020
Visit/it-legislation/28174/what-is-the-computer-misuse-act
Policy & legislation

What is the Computer Misuse Act?

17 Feb 2020