Skip to main content
close search
site logo
Dive Brief

GDPR watchdogs bulk up budgets, but COVID-19 slows investigations

Published June 26, 2020
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Kendall Davis

Dive Brief:

  • Member states of the European Union increased their budgets by 49% and staffing by 42% between 2016 and 2019, for all national data protection authorities, according to a report published by the European Commission in regards to the General Data Protection Regulation (GDPR). 
  • To accommodate companies with consumers across borders, GDPR regulators established a "one stop shop" governance system so an entity only has "one data protection authority as interlocutor," according to the report. Since GDPR's 2018 enactment, 141 draft decisions and 79 final decisions were made through the "one stop shop." 
  • The majority of EU citizens, 60%, are aware of their right to access personal data collected by public administrations, according to a survey from the European Union Agency for Fundamental Rights. However, only half of citizens are aware their rights extend to private companies.

Dive Insight:

The European Commission's report is a testament to the progress GDPR has made in terms of consumer data privacy rights. The report is also evidence that there are areas for improvement — namely giving the regulation some teeth.

As watchdogs bulk up budgets and staff to respond to more infringements, a degree of consistency should follow, Aaron Tantleff, partner in Foley's Privacy, Security and Information Management & Technology Transactions and Outsourcing Practices, told CIO Dive. "Based solely on my own experiences … when a penalty is issued, they are smaller in nature if the organization is the party that alerts the supervisory authority," as opposed to the authority finding out by other means. 

While, COVID-19 has contributed to a decline in investigations, companies shouldn't expect 2020 to be clear of enforcement, he said. Just because fines haven't been as robust as anticipated, the side effects of GDPR are evident: "Curtail behavior that society deems unacceptable." 

As a result of GDPR and impending legislation in the U.S., such as the California Consumer Privacy Act, businesses have invested millions in data protection. "This is an investment that would not have happened but for the GDPR," said Tantleff.

Regulators historically cite budgets as a reason they can only pursue so many infringements. There was a boost of regulatory activity in 2019, but "penalties handed out have generally been smaller than what many had anticipated," said Tantleff. "The potential for significant fines remains, but what's been handed down has hardly been viewed as overbearing." 

Some member states have been more aggressive in their pursuit of infringements, while others have yet to issue a fine. Between GDPR's May 2018 enactment and January, 28 EU member states reported upwards of 160,000 breach notifications. With the exception of penalties handed down by the UK's ICO, during that time frame, data privacy watchdogs issued $126 million in fines. Research suggests that there shouldn't be an expectation of "low and infrequent" fines. 

The public sector, media, telecommunications and utilities lag the most in GDPR compliance. Companies issued the heaviest fines under GDPR include:

  • British Airways ($230 million) and Marriott International ($124 million) by the United Kingdom's Information Commissioner's Office (ICO)
  • Google ($57 million) by France's National Data Protection Commission

Google's penalty, issued in January 2019, was hailed as the first "game-changing" fine of GDPR. Regulators claimed the advertising company failed to appropriately relay what consumer data it collected, how long it was stored, and insufficiently gathered consent. 

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
Newgen and Fadata Join Forces to Optimize Insurance Content Management
From Newgen Software
November 13, 2024
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024
Editors' picks
Latest in IT Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell