Last year, The European Data Protection Board, which oversees the data protection authorities of individual EU countries, published its first infographic, showcasing some of the key data since GDPR came into effect.

The data shows that there were approximately twice as many complaints initiated on the basis of complaints from individuals as there were investigations directly initiated by data protection authorities.

Of those complaints, the most complaints were made about:

  • Telemarketing
  • Promotional emails (SPAM)
  • Video/CCTV surveillance

The European Data Protection Board also released data pertaining to data breeches:

When personal data for which a company is responsible is accidentally
or unlawfully disclosed, that company is obliged to report this data
breach to their national data protection authority within 72 hours of
finding out about the breach.


The GDPR gives the data protection authories the power to impose
fines of up to 4 % of a company’s annual turnover.

In the first year of GDPR, the European Data Protection Board recorded 89,271 breeches, or about 244 per day. The range of fines cited by the Board range from €5,000 to €50,000,000, penalising small business, government authorities and giants like Google.


  • Many companies who put data protection low on their list of priorities mistakenly believe it’s the data protection authorities they need to avoid. In fact, businesses are much more likely to come to the attention of data protection authorities due to the complaint of a customer or improperly held contact.
  • The GDPR gives the data protection authorities the power to impose fines of up to 4% of a company’s annual turnover. Considering the impact on the bottom line, enterprises need to raise the priority they assign to GDPR practices.

Image Source: