GDPR One Year On -Post Brexit - Blueberry Design Ltd
GDPR One Year On

GDPR Overview

GDPR came into effect on the 25th May 2018. GDPR provides individuals and companies to have the appropriate policies, procedures and processes to protect personal data. All organisations must have a risk-based approach to data protection. GDPR requires organisations to implement appropriate technical and organisational measures and extends the given rights to individuals. Penalties for organisations who are not in compliance of GDPR can be severe and can go up to €20,000,000.00 or 4% of global turnover.

Whats happened since 25th May 2018???

It seems not a lot has happened since the introduction of GDPR but if you dig deeper you’ll find the various EU data commissioners have been inundated with data complaints.

  • A total of 59430 report data breaches have been reported since 2018.
  • 91 reported fines have been issued under GDPR.
  • Most notifications reported by countries: Netherlands 15400, Germany 12600, UK 10600.
  • Fewest notifications reported so far from countries: Cyprus 35, Iceland 25, Liechtenstein 15.

Some GDPR fines to date.

  • France: €50 million
  • Portugal: €400,000
  • Poland: €220,000
  • Germany: €80,000
  • Austria: €4800

What about Ireland??

The Irish Data Commissioner reported 4740 valid data breaches since the introduction last May. 75% of these reported post 25th May. 4113 complaints have been received by the Irish Data Commission in 2018 – 70% received post May.

What types of breaches have been reported to the Irish Data Commissioner.

  • 85% disclosure
  • 5% paper lost/stolen
  • 3% hacking
  • 3% phishing
  • 2% devices lost/stolen
  • 1% Malware
  • 1% inappropriate disposal of paper.

Currently the Irish Data Commission has 50+ open investigations. 17 investigations into multinational technology companies based in Ireland. 8 investigations into Facebook alone. the commission has increased its staff numbers in recent times to 135 and is still growing.

Key factors for organisations to note from the DPC.

  • Report breaches on time (within 72 hours of breach)
  • Contact data subjects (individuals or organisations) without delay.
  • Have a Breach playbook (know what to do in case of a data breach)
  • Train Your Employees (don’t leave it to one person)
  • Retain records (wherever possible)

Brexit and Data Implications:


As we know Britain are due to exit the EU on the 31st October 2019. We know this date could change depending on the outcome of Leadership and Brexit talks. Lets say for this the UK leaves on the 31st October, what happens then?

Some possible scenarios:

  1. A no-deal Brexit
  2. Agree a new withdrawal agreement
  3. New common market 2.0 agreement
  4. New withdrawal agreement

What happens if there is a no-deal or hard Brexit?

  • The UK will become a “third country”. A third country outside of the EEA or the European Economic Area
  • Data transfers to a “third country” is allowed if the country is deemed to have adequate levels of data protection
  • Organisations from “third countries” without adequate protection must adopt safeguards to transfer data from  the EEA to a third country.
  • Some appropriate safeguards are:
    Binding corporate rules
    Standard contractual clauses
    Certification mechanisms or protections.

DPC recommendations in case of a NO-Deal Brexit

Key Takeaways:

  1. Monitor Your Data Protection Compliance
  2. When a data breach occurs…not if
  3. Implement SCC’s if transferring data to the UK
  4. Keep Up to Date and check the data protection commission website regularly:


Image from






10 Reasons Why Your Website Will Lead Your Digital Transformation
10 Reasons Why Your Website Will Lead Your Digital Transformation
A company's digital transformation involves leveraging technology to fundamentally change how it operates, interacts with customers, and delivers value A website can indeed serve as a foundational element for initiating and supporting your business digital transformation Let's...
We’re Celebrating 15 Years in Business
We’re Celebrating 15 Years in Business
Today we are celebrating our 15th anniversary in business Its a milestone we are very proud to achieve We couldn't have done it without the help of our clients, colleagues, partners, friends and family Thank you all so much for your support Here's to the next 15...