6months GDPR.

Six Months With GDPR in Force. What Happened?

The GDPR, that came into force on the 25th of May, 2018, expanded the EU‘s data protection area coverage, introduced innovations that have an effect on organizations and individuals. Therefore, it was one of the most significant events for companies in the EU and outside the EU that process personal data of the EU citizens. Organizations were forced to review the priorities of processing activities, to introduce new approaches and to develop a culture of personal data processing by minimizing collected data amounts, defining purpose and grounds for processing data, fulfilling the rights of data subjects, etc.

The survey on GDPR compliance

The TechRadar – the online publication focused on technology, recently held a survey with 103 major companies operating in Europe from different industries including retail, media, technology, public sector, finance, and travel. Results showed that even though companies are aware of requirements and now had six months to meet the new standards, many businesses are still struggling to cope with GDPR. It was mentioned in the summary of the survey, that a large proportion is lacking the proper methods of storage, organization, or retrieval of data in line with the regulations’ requirements. And the compliance level seems to be much lower than expected. The most difficult requirements to meet – the new rights of the data subject, such as the right to access and right to data portability.

GDPR concerns not only companies within the EU, but also the ones outside the EU that process personal data of the EU citizens.  And, according to the TechRadar, only 35% of Europe-based companies agreed to provide the data for a survey. This includes companies headquartered in the UK, France, Germany, Spain, Sweden, and Italy. However, only 50% of companies that provided data, showed the compliance rate slightly higher for non-European companies. Thus, businesses outside of EU seems to take a more proactive approach to GDPR.

Some industries are more GDPR compliant than others. The TechRadar shared the concerns, that over 76% of companies in the retail industry didn’t even participate in the survey. Financial service providers, on the other hand, were the most active, even though only half of the industry provided the response.

The main cause for GDPR data breaches

According to the ICO, the vast majority of breaches were caused by „human error“. The incompetence or mistakes resulted in 88% of the reported breaches (confidential data emailed to the incorrect recipient, loss or theft of paperwork, data left in an insecure location and others). Only 22%  were seen as being related to a malicious activity.

Here are some of well known GDPR data breaches

 GDPR six months summary in Lithuania

Lithuanian Data Protection Authority received a mass of requests for consultancy from companies regarding GDPR and the same amount of complaints from data subjects regarding unlawful/ incorrect processing of their data. That is why Lithuanian Data protection Authority still acts more as an assistant, rather than as a punisher.

During 2018, over 6671 consultations were provided. That is 15% more, compared to the number in 2017. The main focus was at such matters as the legality of data processing, innovations brought by GDPR, the expertise of the local data protection authority. Also, video surveillance under the GDPR, the appointment of a DPO, implementation of human rights, direct marketing, and personal data breaches. So far, the Lithuanian Data Protection Authority has not imposed any fines under the GDPR. However, after 19 inspections done during the period from the 25th of May, there were 18 cases when personal data was mishandled.

It is clear by the number of complaints received, that direct marketing is one of the most pressing issues that data subjects meet. During the half of year of GDPR, local data protection authority received 443 such complaints, which is almost the same as in whole 2017 (480). Despite direct marketing, people are actively complaining about data collected and used by debt collectors, the service providers sector and state registries. Also, possible breaches on special categories of personal data, personal identification codes, the legality of processing image data.

After GDPR came into force, data security breaches have become critical to both, public and private sectors. Data security breaches were reported 80 times from the 25th of May (in 2017 – only 7 data breach cases). The main causes – unlawful data disclosure, loss, theft, and plagiarism”

Share on facebook
Share on linkedin
Share on twitter
Share on pinterest
Share on email

Try our GDPR Compliance Tool GDPR Register for 14-days.

No credit card required.

Latest Posts
Personal Data Breach Reporting Requirements Under the GDPR

Personal Data Breach Reporting Requirements Under the GDPR

What is Data Breach? A personal data breach is security incident that results in the accidental or unlawful destruction, loss,...
Direct marketing rules and exceptions under the GDPR

Direct marketing rules and exceptions under the GDPR

Direct marketing includes text messages (SMS) and emails that a customer receives from a product or service provider. But activities...
Records of processing activities in GDPR Article 30

Records of processing activities in GDPR Article 30

What do companies have to include in the records of processing activities? GDPR Article 30 requires companies to keep an...
Data Protection Authorities (DPA)

Data Protection Authorities (DPA)

Data Protection Authorities (DPA) Data Protection Authorities (DPA) are independent public authorities that supervise, through investigative and corrective powers, the...
Data Processing Agreement (DPA)

Data Processing Agreement (DPA)

What is a DPA? A Data Processing Agreement (DPA) is a legally binding document to be entered into between the controller...
GDPR compliance checklist for controllers

GDPR compliance checklist for controllers

This is a simple GDPR compliance checklist for controllers that you can use to ensure you have considered most important...
GDPR Basics: Are you a Controller or a Processor?

GDPR Basics: Are you a Controller or a Processor?

What are ‘controllers’ and ‘processors’? With this short and simple article, we will try to explain the basics of controllers...
Templates for Records of Processing Activities

Templates for Records of Processing Activities

As we see every day, most companies and organisations still keep their Records of Processing Activities in spreadsheets. Through our...
Web plug-in requires visitor’s consent

Web plug-in requires visitor’s consent

In the light of the recent ruling of the European Court of Justice, website owners have to bear in mind...
First GDPR fine issued in Lithuania

First GDPR fine issued in Lithuania

A year after GDPR came into force, the Lithuanian Data Protection Authority (VDAI) has issued its first administrative fine. UAB ‘Mister Tango’,...

Zpracovává vaše společnost osobní údaje?

Zpracovávat vaše společnost osobní údaje fyzických osob, jako jsou:

  • Údaje zaměstnanců, zákazníků, uchazečů o zaměstnání nebo pacientů včetně:
    • Jméno nebo osobní identifikační číslo
    • Kontaktní údaje (e-mailová adresa, telefonní číslo, adresa)
    • Bankovní údaje, plat, údaje o pasu nebo jiné osobní údaje


Ar Jūsų įmonė renka ir tvarko fizinių asmenų asmens duomenis? 

Asmens duomenys gali būti:

  • Kliento, darbuotojo. paciento, kandidato į darbo vietą ir kt. 
    • Vardas ar asmens  numeris 
    • Kontaktinė informacija (el.pašto adresas, telefono numeris, adresas ir kt)
    • Banko sąskaitos  duomenys, atlyginimo dydis, paso duomenys ar bet kokia kita asmeninė informacija. 

Onko yrityksessäsi enemmän, kuin 250 työntekijää?

Kas teie ettevõte kogub ja töötleb isikuandmeid?

Kas teie ettevõte kogub ja töötleb füüsiliste isikutega seotud andmeid nagu näiteks:

Töötajate, klientide, tööle kandideerijate, patsientide:

  • Nimi, isikukood
  • E-posti aadress, telefoninumber, kodune aadress
  • Pangakontonumber, palgasumma, krediitkaardiandmed või mõnda muut tüüpi isiklikud andmed

Does your company collect any personal data?

Does your company collect and process any personal data of natural persons such as:

  • Employees, Customers, Job Applicants or Patients including:
    • Name or personal ID number
    • Contact details (Email address, Phone number, Address)
    • Bank details, Salary amounts, Passport details or any other personal data