GDPR challengers: dissatisfied customers and ex employees

The need for GDPR compliance has become apparent for most business owners. Still there are some who think GDPR is only a concern for big data players. Here are some facts and figures that might help them change their minds.

Most businesses are concerned about investigations by the Data Protection authorities when they worry about GDPR.

The actual facts show that they should worry more about customers and (ex-)employees :

  • 89% of the cases handled by the various national Data Protection Authorities in the EU start with a complaint from a dissatisfied customer, (ex-) employee or competitor.
  • Only 8% are the result of a spontaneous inquiry.
  • 3% starts as a result of a data breach that is investigated further and reveals underlying privacy breaches.

So it is safe to conclude that GDPR challenges mainly come from regular citizens who have complaints, rather than from government initiative.

Only 6% of cases concern multinationals such as Google and Facebook. Among the other 94% we find cases against, for example, a civil-law notary, a bailiff, an accountant, a hospital, a liquor store, a shopkeeper, a car wash, a sports association, a property manager and a Coop Board, a landlord, a non-profit association, an insurer, a bank, …

Cases are often triggered by normal day-to-day routine actions or situations that somehow resulted in a data breach : e.g. disclosure of a personal e-mailadres in a bulk-email, sending a personal email to a professional address, forgetting to close the account of a former employee, a promo mailing, adding a person to a WhatsApp group and even neighbour disputes.

Add to that the growing number of websites that offer to automate privacy complaints and we can only expect the number of cases initiated by citizens to increase exponentially.

GDPR challenges and GDPR Fines

What will it cost you if you get fined?

Most fines range between €1,000 and €5,000 (60%). Just over 20% goes from €15,000 to €20,000. Occasionally fines for SME’s run from €50,000 to €600,000. This is of course not taking into account the mega fines for the big data players that are front page news every other week.


Do you want to get your GDPR in order in a few easy steps? Register now for a free trial account and see how GDPRWise can help you get your GDPR in order in no time!