Skip to main content

GDPR one year on


It has been one year since the introduction of GDPR and this regulation seems like a toddler struggling to stand on its own two feet. This piece of legislation has been revered by many but nonetheless despised by quite a few. While it is still a works-in-progress and many companies are still finding their footing by establishing their own versions of standards, individuals are challenged into remaining vigilant on what concessions they make on the use of their personal data.

Nonetheless, the first year of GDPR saw many organisations and regulators working hard to implement the relevant requirements. Data protection officers had to increase their resources, however, these increases pale in comparison with the inundation of complaints, and registrations of breach notifications that EU State regulators received.

Reflecting on the figures released by the EU regulator the following can be assessed:

500,000+ registered DPOs;

280,000+ cases;

440+ cross-border cases;

144,000+ complaints;

89,000+ data breach notifications;

56,000,000+ Euro in fines.

On the other hand, when assessing the reports published by the Malta IDPC for the same period, one does not fail to notice that during 2018 and the first four months of 2019 the Malta IDPC also received its fair share of complaints. During 2018 the IDPC received 100+ in breaches which were categorised as follows:

34% from the Financial sector;

23% from the Gaming sector;

8% from the Public sector;

35% from other sectors.

When looking into the first four months of 2019,  there has been already 48 reports of breaches logged, with the following being reported:

23% from the Financial sector;

23% from the Gaming sector;

9% from the Public sector;

45% from other sectors.

Looking into the causes and nature of the breaches for the abovementioned periods, it transpires that:

39 were external malicious;

11 were internal malicious;

113 were internal non-malicious;

42 were unauthorised disclosure of personal data;

37 were hacking attack;

79 were human error.

With reference to the fines imposed by the regulator the statistics show that during 2018 the private sector was fined a total of Euro 19,500. However, the first four months of 2019 might indicate that the regulator will be less tolerant since the private sector has already been fined Euro 10,000, while the public sector in particular the Lands Authority was found in breach of article 32 and fined Euro 5,000.

As stated by EU digital chief Andrus Ansip, EU Commission Vice President Frans Timmermans, EU justice chief Vera Jourova and EU digital economy commissioner Mariya Gabriel, more penalties are envisaged as Europeans were becoming more aware of their rights.

Should you have any questions regarding GDPR, get in touch via or +356 2010 3020.

Leave a Reply

Close Menu