GDPR investigation – Must-Know Stats and Takeaways

A recent survey in an EU member state shows that 89% of the cases that led to a decision by the sanctioning authority started with a complaint by a dissatisfied customer, (former) employee, competitor, …
Only 8% were the result of a spontaneous GDPR investigation by the authority, and 3% started with a privacy leak whose further investigation revealed other violations.

GDPR investigation – how it starts

A GDPR investigation often starts with a dispute resulting from everyday actions, such as information in a customer loyalty program, visible email addresses in a bulk email, a personal email sent to a professional email address, the failure of a previous employer to close accounts, keeping applicant data, a promo mailing, being added to a WhatsApp group and even a fight between neighbours…

In short, GDPR exposure is mainly caused by citizens who complain, rather than by any autonomous action of the authority.
