RegSol Blog


DPC Regulatory Activity 2018-2020

July 2020

The DPC has published a two year Regulatory Activities report under the GDPR to assess the range of regulatory tasks over the period 25 May 2018 to 25 May 2020.

From 25 May 2018 to 25 May 2020, the DPC:

  • received in excess of 40,000 emails, 36,000 phone calls and 8,000 postal contacts;
  • opened 15,025 cases in support of individuals’ rights;
  • concluded 80% of cases opened (so far); and
  • reduced conclusion times for cases (average days taken to conclude a case or query down by 53% over two years).

Since 25 May 2018, the most frequent GDPR topics for queries and complaints have consistently been: Access Requests; Fair processing; Disclosure; Right to be Forgotten (delisting and/or removal requests); Direct marketing and Data Security. 

Figures indicate that the DPC is dealing with high volumes of cases that are potentially resolvable at a data controller/ Data Protection Officer level.

  • Total breach notifications received between 25 May 2018 and 25 May 2020: 12,437.
  • 93% classified as relating to GDPR (11,567 notifications).
  • Of the 12,437 total recorded breach cases, 94.88% concluded (11,800 cases).

The most frequent cause of breaches reported to the DPC is unauthorised disclosure (80%). Human error are at the root of far more reported breaches than phishing, hacking or lost devices (5.6% collectively). 

Figures indicate that the DPC is dealing with breaches that could be mitigated by more robust technical and organisational measures.

Click HERE to view the full report.

By Judy de Castro - Regulatory Consultant