Privacy & Data Protection reports has been saved
Privacy & Data Protection reports
In the past months we have conducted extensive research into Data Protection Authorities (DPAs). In the coming weeks we will publish sub-reports based on this research to help you gain more insights. Some key topics we will cover include Data Breach reporting, resources, guidance issued and enforcement actions taken. Keep an eye on our website for our latest reports!
Go directly to
- Reporting a Personal Data Breach
- Reported Personal Data Breaches
- Received complaints
- Guidance issued
NEW - Part 5: Guidance issued
The fifth part of our report discusses guidance issued by DPAs. We have studied the form and content of the guidance published by seven DPAs, studying characteristics such as language, format and topics discussed. Our observation is that DPAs publish a lot of relevant guidance. However it does not always have the ideal form and content.
Data Protection Authorities (DPAs) are facing busy times. Whilst their primary task is to enforce the application of the GDPR and ensure compliance, the GDPR entrusts the DPAs with a number of additional tasks such as creating awareness and handling complaints. In addition to this, they will need to cooperate with organizations from time to time, for example when dealing with certain high-risk Data Protection Impact Assessments or when a personal data breach is reported.
Because of this crucial role of DPAs, it is important for organizations to not only identify which DPAs they may need to engage with in the future, but also develop knowledge on the characteristics of these DPAs. At Deloitte we understand these needs. We have therefore conducted extensive research into certain key characteristics of the DPAs. The research seeks to paint a detailed picture and provide you with a closer look at factors that may influence a DPA’s way of working.
Part 1: Reporting a Personal Data Breach
The first part of our report focuses on reporting Personal Data Breaches. The GDPR has introduced a duty for all organizations to report certain types of Personal Data Beaches to the relevant Data Protection Authorities. The deadline for reporting is quite strict: only 72 hours can pass between becoming aware of a breach and reporting. We have studied a number of practicalities related to reporting and came to the conclusion that reporting is not harmonized throughout the Union, and that given the strict timelines preparation is key!
Part 2: Reported Personal Data Breaches
The second part of our report presents an overview of personal data breaches reported to DPAs between 2016-2018. It provides insight into the differences between the EU member states and shows that generally there has been a major increase in reported personal data breaches since the GDPR became applicable in 2018. We also observe that, despite these increases, the numbers prove difficult to compare due to the very different ways in which DPAs publish information on reported data breaches.
Part 3: Received complaints
The third part of our report gives an overview of the number of complaints received by the DPAs across the EU in 2018. For some selected countries, it also presents how the number of complaints evolved over the last three years. These numbers provide valuable insights into the level of privacy awareness within the EU and how easy it has become to submit a complaint. It is therefore important that organizations understand the implications complaints may have on their business.
Part 4: Resources
Let’s talk money! How have DPA budgets developed over the past years and how are DPAs staffed? We’ve crunched the numbers for you. Interested in the trends over the past few years and the underlying data? Check out our latest report to see how your DPA is resourced.
Part 6: Enforcement activities
Sign up for our Privacy E-mail Alert and receive the last news on privacy, links to our latest blogs and notifications about privacy-related events we organize. If you want to know more about Privacy and Data protection, please feel free to contact Annika or Shay via their contact details below.
Privacy email alert
Receive the latest Privacy insights.