Skip to content
News
EN

Data Protection Day: Only 1.3% of cases before EU DPAs result in a fine

noyb - European Center for Digital Rights

Content

National Administrative Procedures and DPA inactivity When the General Data Protection Regulation (GDPR) came into force in 2018, it ushered in a new era of data protection in the EU. At least on paper. Consumers were given the tools to stand up for their fundamental rights, while authorities received serious investigatory powers and the ability to sanction breaches with hefty fines. Nearly 7 years later, the reality is much bleaker. On the occasion of this year’s Data Protection Day on 28 January, noyb analysed current EDPB statistics on the (in)activity of national data protection authorities (DPAs). The data shows that, on average, merely 1.3% of cases before DPAs result in a fine. However, data protection professionals say that fines are the most effective way of ensuring companies comply with the law. EDPB report on DPA activity between 2018 and 2023Strict GDPR enforcement only on paper. When the General Data Protection Regulation (GDPR) came into force in May 2018, it promised a