Regulators in the European Union could impose sanctions for violations of the General Data Protection Regulation (GDPR) as soon as by the end of 2018, according to European Data Protection Supervisor Giovanni Buttarelli. According to a Reuter’s news report, Butarelli said in an interview, “I expect first GDPR fines for some cases by the end of the year. Not necessarily fines but also decisions to admonish the controllers, to impose a preliminary ban, a temporary ban, or to give them an ultimatum.”

Regulators in France and Italy report a 53 percent increase in complaints about violations over last year, Buttarelli said, adding that enforcers have seen a sharp increase in both complaints and requests for clarification. Fines are levied by national data protection authorities in EU member states and can be imposed on any company that operates in Europe, no matter where it is headquartered. The European Data Protection Supervisor does not directly impose fines, however, Buttarelli coordinates the work of privacy regulators across the European Union.

Buttarelli suggested that while imposition of fines is important to credibility and public trust, he noted that from an administrative perspective sanctions are only one aspect of global enforcement. He said that many EU countries are poised to impose sanctions on companies and public administrations, however, he did not provide details because investigations remain in progress.

As reported in this blog, data protection authorities are paying close attention to the compliance efforts of smaller and medium sized companies and have embarked on efforts to inform the public of their new rights and opportunities for redress under the GDPR. The GDPR, which came into effect in May 2018, represents a significant shift in the approach to data protection toward companies’ accountability for protecting data and processing it responsibly.

Achieved Compliance – helping you navigate the complex world of data compliance.

Through its software guided review and remediation process, education tools and representation services, Achieved Compliance makes it possible for companies to take all the steps needed for meaningful compliance that meets regulators’ expectations.

For more information as to how we can help your organization be GDPR compliant please contact