95,000 complaints, 41,500 data breach notifications, three companies fined: EU Commission publishes figures on the European General Data Protection Regulation.

AD – 04/2019

The European General Data Protection Regulation (GDPR) entered into application on 25 May 2018. The European Commission has  published a webpage with information about the new data protection rules for businesses and citizens.

The Commission recently took a look at what has happened in the first year of the GDPR and highlighted the positive effects of the new Regulation. European citizens have become more aware of the importance of data protection and their rights. The national data protection authorities that work together on the European Data Protection Board have seen that citizens are exercising these rights on a daily basis.  


There have been more than 95,000 complaints regarding infringements of data protection rights made by EU citizens to the national data protection authorities. There have also been more than 41,500 complaints filed regarding the accidental or unlawful disclosure of personal data by companies. These figures come from a graphic published by the EU Commission which looks at the GDPR in numbers.

The Commission has also published a mythbusting factsheet to address common misconceptions and prejudices regarding the General Data Protection Regulation in everyday life.

European Data Protection Board

The European Data Protection Board (EDPD) is an independent European body that contributes to the consistent application of data protection rules across the EU and promotes cooperation between data protection authorities.

The Board consists of representatives from the national data protection authorities and the European Data Protection Supervisor (EDPS). The supervisory authorities of the EEA/EFTA States are also members with regard to matters concerning the GDPR, but without the right to vote and without the right to be elected chair or deputy chair.

The EDPD was established through the GDPR and is based in Brussels. The EU Commission and, with regard to matters concerning the GDPR, the EFTA Surveillance Authority are entitled to participate in the activities and meetings of the Board without the right to vote. The EDPD has a secretariat, which is provided by the EDPS. The terms of cooperation between the EDPB and the EDPS are set out in a Memorandum of Understanding.