The GDPR went into effect on May 25, 2018 and drastically affected how companies use and store their users’ data. As a piece of EU legislation, the GDPR was primarily created to protect users and their data.

After almost a year and a half since its implementation, what was the outcome? Is user data more secure? Are most companies GDPR compliant?

Let us examine some important numbers in the infographic below:

P & DP Blog Infographic_1


  • 500,000 data protection officers employed

The data officers employed is 6x more than what was forecast in 2017. Just 3 years ago, there were only 13 DPO jobs posted for every million jobs. Even with this huge spike in DPO employment, only a little over half of European citizens know there is a public authority protecting their personal data rights.

The main enforcers of the GDPR are The European Commission (EC), The European Data Protection Board (EDPB) and The 28 EU Member States – with each country having its own GDPR agency.

  • 45% of EU citizens are still concerned about their data privacy

Even though the EU has made great strides toward protecting its citizen’s data, there are still feelings of concern, which means there are opportunities to improve.


  • 1 in 5 companies thought full compliance was impossible

The implementation of GDPR created a huge task for businesses to overcome. Many dumped any previous data they had as an easier alternative to becoming compliant. Others chose to stop serving EU citizens completely. These are really businesses only two options if they do not want to make their company compliant. However, many companies did put in the effort to become compliant and large UK companies spent over €900,000,000 collectively to prep for the GDPR.

  • Currently, less than 1 in 3 companies are fully compliant

With the risk of hefty fines being so great, it’s surprising so many companies are still non-compliant. Executives from fully compliant companies believe that by being so, they have a competitive advantage. They are showing their customers that they care about protecting their private information, which leads to a stronger customer experience and a trustworthy brand image. Ultimately, all of this will lead to a boost in revenue.


  • €57,000,000 + in fines issued

This may seem like an extreme amount but it is actually lower than what was projected at the time of implementation. There may have been a grace period during the first year to allow companies to become compliant.

  • Google was fined €50,000,000

Google, however, did not receive any benefit from a grace period. This fine was issued for not properly disclosing how data is collected across its services – including its search engine, Google Maps and YouTube.

  • 144,376 complaints filed

Individuals can lodge complaints with data protection authorities directly or companies can do it on their behalf. Even with the huge increase in DPOs, agencies still feel short-staffed and are having trouble keeping up with complaints and notifications.

  • 89,271 data breach notifications

If a company becomes aware of data being accidentally or unlawfully disclosed, they have 72 hours from the time they found out about the breach to report that information to authorities. About 37% of GDPR cases are still pending.


Interested in learning more? Join privacy professionals, compliance officers, and other industry experts at the 3rd Annual Privacy and Data Protection Summit. This edition will focus on the challenges GDPR has presented as well as discuss strategies for rebranding privacy compliance within your organization.


Download your free brochure today to see the full speaker line up and more!