On December 2, 2019, the German Supervisory Authorities issued a report evaluating the implementation of the EU General Data Protection Regulation (“GDPR”) in Germany. The report describes the Supervisory Authorities’ experience thus far in applying the GDPR and lists the provisions of the GDPR they see as problematic in practice. For each of these provisions, the report discusses the perceived problem and proposes a solution.
The report begins by noting that the GDPR has significantly increased the workload of German Supervisory Authorities over the past year and a half. This is due not only to an “enormous growth” in the number of complaints and consultation requests received, but also additional work resulting from the GDPR’s cross-border cooperation procedure. Since the increased workload has not always been met with increased resources, the authorities have found it difficult to effectively supervise compliance. Controllers are apparently aware of this and, as a result, have neglected their duties to be GDPR compliant.