The DPC published figures showing the extent of how things have changed since May 2018.

Background: The Irish Data Protection Commission is a key data protection authority in Europe, since most large tech companies have their main establishment in the country. Under GDPR, this will make the DPC the lead authority in most cases involving Big Tech.

What the annual report says: Last week, the DPC published its first annual report since the introduction of GDPR. Its figures show the initial impact of the Regulation; for example, the DPC received a total 4,113 complaints in the whole 2018 (56% up on 2017); of these, 2,864 were issued after 25 May 2018, more than twice the amount of the first part of the year. The number of data breach notifications also soared, from 2,795 in 2017 to 4,740 in 2018 (3,542 of which after 25 May 2018).

What the future looks like: As the pace of activity is significantly picking up, the authority is now growing in staff (from 85 at the end of 2017 to 135 in January 2019) and funding (€15.2m for 2019, twice as much as for 2017). Tech giants are on the regulator’s radar: there are 10 inquiries underway into Facebook (including WhatsApp and Instagram), three on Twitter, two at Apple, and one on LinkedIn, likely to result in fines if infringements are identified.