One year on after GDPR came into force on the 25 May 2018, below is an overview of the key statistics:
- In June 2018, 1,792 breaches were reported to the ICO. This is compared to 657 in May 2018, and 367 in April 2018;
- In 2018, 103 monetary penalties were raised for failing to pay the ICO’s registration fee;
- A class action was successfully brought by 5,518 claimants against Morrisons supermarket under the Data Protection Directive (the predecessor of GDPR). The Supreme Court have allowed Morrisons to appeal against the Court of Appeal’s decision, however, subject to the appeal, UK employers are exposed to vicarious liability for breach of GDPR by employees;
- No GDPR fines have been issued so far by the ICO, nonetheless, 12 EU member states’ data protection authorities (DPAs) have issued fines under the GDPR;
- Ordered by the French CNIL on Google in January 2019, the largest fine in data protection history is in the sum of €50 million as a result of not being transparent and complying with information duties, and for failing to have a legal basis for processing personalised advertising.