Personal data: flashback to 2018
Originally published: newspaper “Estia” (“The annual personal data report”) (in Greek)
Date: 23/12/2019
Republished: www.huffingtonpost.gr (in Greek)
Date: 10/01/2020
On December 4, 2019, the President of the Greek Data Protection Authority presented to the Speaker of Parliament the Report of the Authority for the year 2018. This is an important event for our country, but, unfortunately, without being given due importance. This is because the approach of the annual report makes it possible to get an overall picture of where we are and where we are heading in this extremely sensitive area. Especially regarding the turning point year 2018, during which the General Data Protection Regulation, also known as the GDPR, commenced to apply, which shook the waters of personal data protection on a global scale.
We summarize -commenting- the following six points, in particular relating to the statistics provided in the annual report, which deserve our attention:
1. The Authority faces a serious understaffing problem and insufficient resources. This is a well-known pathogen, which has been repeatedly emphasized by its President. But developments are moving at the speed of light, the demands are increasing, with the result that the Authority is in danger of transforming into a paper tiger.
2. As of the commencement of application of the GDPR, it is not possible to submit questions and receive immediate answers. This is a significant setback that serves as an obstance against the proper implementation of the GDPR. The Authority must be a beacon for the new legislative framework, with open doors and in constant interaction with citizens and businesses.
3. In 2018, a total of 65 audits were performed on data controllers operating online in the areas of financial services, insurance services, e-commerce, ticket services and public sector services. The number of audits shows that they are a drop in the ocean of personal data processing that takes place and falls under the Authority’s control. Their increase is required.
4. The number of incoming complaints was 847, a decrease of about 8% compared to 2017. This statistic is surprising, given that the implementation of the GDPR and the consequent strengthening of citizens’ rights should had led to an increase in complaints with geometric progress. A systematic public information campaign is needed, especially with the use of new technologies.
5. There was an impressive increase by 50% in the use of e-mail service for submitting documents to the Authority (58% in 2018 compared to 36% in 2017 in the total of submitted documents), but a decrease in their submission through the Authority’s website (11% in 2018 compared to 17% in 2017). As regards the use of e-mail, it is a positive development, worthy of congratulations, which responds to the spirit of the times. However, the total upgrade of the website is necessary, so that there can be a dramatic improvement of the relevant performance.
6. The Authority imposed sanctions with 25 decisions. In 12 cases a warning-recommendation was given and in 13 cases a fine between 1,000 and 150,000 euros was imposed. The total amount of fines imposed amounted to 689,000 euros. With the commencement of the application of the GDPR and the increase of the envisaged fines, their total number is expected to be much higher. It is characteristic, after all, that in 2019, fines of 550,000 euros have been imposed with only three recent decisions.
The above data make it clear that 2018 was another year of intense mobility for the protection of personal data in our country. The Authority fulfilled its duties as far as possible. After all, nobody is bound to do the impossible. As for 2019, will the new report to be published in 2020 raise similar concerns? We fear that yes. However, given the ever-increasing importance of personal data protection, resulting in a global interest therein, it becomes clear that the State must finally do its duty. The allocation of state resources to the Authority is more urgent than ever.