The newly formed Irish Data Protection Commission (“DPC”) released its first annual report, highlighting and summarizing its work implementing and enforcing GDPR. Among other things, the DPC reported the following numbers for 2018:
- 1,928: complaints the DPC received under the GDPR.
- 3,542: data breaches reported to the DPC (38 concerning “multinational technology companies”).
- 900: organizations that notified the DPC of the appointment of a data protection officer.
- 15: the number of open statutory inquiries the DPC has against “multinational technology companies.”
The report also looks ahead to 2019, particularly the European court cases the DPC is monitoring. According to the report, the DPC is paying close attention to expected decisions from the European Court of Justice regarding the validity of the Standard Contractual Clauses for cross-border transfers of data, and opinions concerning transparency and consent for cookies.