The European Union General Data Protection Regulation (GDPR), heralded as the biggest shake-up of data privacy laws in more than two decades, came into force on May 25.
The new rules, designed for the digital age, allow consumers to better control their personal data and give regulators the power to impose fines of up to 4 percent of global revenue or 20 million euros (£17.5 million), whichever is higher, for violations.
Enforcers have since then been deluged by complaints about violations and queries for clarification, with France and Italy alone reporting a 53 percent jump in complaints from last year, European Data Protection Supervisor Giovanni Buttarelli said.
“I expect first GDPR fines for some cases by the end of the year. Not necessarily fines but also decisions to admonish the controllers, to impose a preliminary ban, a temporary ban or to give them an ultimatum,” Buttarelli told Reuters in an interview.
Data controllers, which could include social networks, search engines and online retailers, collect and process personal data while a data processor only processes the data on behalf of the controllers.