A survey conducted in April and May 2023 revealed that around ** percent of the companies that do business in the European Union (EU) and the United Kingdom (UK) found it challenging to adapt to new or changing requirements of the General Data Protection Regulation (GDPR) or Data Protection Act 2018 (DPA). A further ** percent of the survey respondents said it was challenging to increase the budget because of the changes in the data privacy laws.

The European Union implemented data privacy laws in mid-2018 and the state of California enacted a similar law several weeks later. These regulations affect medical data collection and analysis. It is unclear if they achieve this goal in the realm of clinical trials. Here we investigate the effect of these laws on clinical trials through analysis of clinical trials recorded on the US's ClinicalTrials.gov, the World Health Organization's International Clinical Trials Registry Platform and scientific papers describing clinical trials. Our findings show that the number of phase 1 and 2 trials in countries not adhering to these data privacy laws rose significantly after implementation of these laws. The largest rise occurred in countries which are less free, as indicated by the negative correlation (−0.48, p = 0.008) between the civil liberties freedom score of countries and the increase in the number of trials. This trend was not observed in countries adhering to data privacy laws nor in the paper publication record. The rise was larger (and statistically significant) among industry funded trials and interventional trials. Thus, the implementation of data privacy laws is associated a change in the location of clinical trials, which are currently executed more often in countries where people have fewer protections for their data.

As of January 2025, The European Union (EU) had three fully operating and one upcoming law regarding online privacy and the usage of digital technologies. The first one, the General Data Protection Regulation (GDPR), was enacted in May 2018. The second law became effective on February 17, 2024, and is called the Digital Services Act (DSA). In March 2024, another law protecting consumer privacy, the Digital Markets Act, was enacted. The latest regulation adopted by the European Union (EU) is called the Cyber Resilience Act (CRA), which became active in December 2024.

A Data Protection Impact Assessment (DPIA) is one of the ways to find out what privacy risks people face when information is collected, used, stored, or shared about them. This helps the London Borough of Barnet find issues so that risks can be taken away or lowered to a level that is acceptable. It also cuts down on privacy breaches and complaints that could hurt the Council's reputation or lead to action by the Information Commissioner (the government watchdog). The London Borough of Barnet makes DPIAs public in with its Data Charter and the 2018 Data Protection Act and UK GDPR.

As of February 2025, the largest fine issued for violation of the General Data Protection Regulation (GDPR) in the United Kingdom (UK) was more than 22 million euros, received by British Airways in October 2020. Another fine received by Marriott International Inc. in the same month was the second-highest in the UK and amounted to over 20 million euros.

Contracts concluded between the Controller and the Processor pursuant to Act No. 18/2018 Coll. and General Data Protection Regulation — GDPR

A data protection impact assessment (DPIA) is a process to identify privacy risks to individuals in the collection, use, storing, and disclosure of information. This allows Camden to identify problems so that risks can be removed or reduced to acceptable levels. It also reduces privacy breaches and complaints which can damage the Council’s reputation or enforcement action against it by the Information Commissioner (the regulator). We publish these as a dataset in accordance with the Council's Data Charter and also the GDPR/Data Protection Act 2018.

This statistic presents the steps taken by companies in the United States to comply with the European Union's General Data Protection Regulation Act as of ***********. According to the findings, ** percent of respondents reported that their company had conducted a GDPR gap assessment, while ** percent stated that they have increased their data privacy budget as a measure towards complying with the GDPR.

Any person or association can submit a complaint to the CNIL for non-compliance with the Data Protection Act and, since May 25, 2018, for non-compliance with the General Data Protection Regulation (GDPR).

The CNIL can then contact the person in charge of the file to check its compliance with the law and request corrective actions if necessary. At the end, the complainant is informed of the actions taken.

This dataset presents the number of complaints received since 1981.

Disclaimer: for any questions about the operation of a file and the help that the CNIL can provide you, please do not use the "Discussions" below, which are visible to all and reserved for exchanges on published datasets; use the Need help service (https://www.cnil.fr/en/cnil-direct) or contact the CNIL on 01 53 73 22 22.

The CNIL may sanction a data controller who has not taken the necessary measures to comply with the Data Protection Act and, from 25 May 2018, the General Data Protection Regulation (GDPR).

The datasets presented concern the number of sanctions, pronounced by the restricted formation of the CNIL, notified each year since 2014 (and their breakdown by type of decision, which has evolved hence the publication of data with the new typology of sanctions as of 2019).

In addition to the distribution of this game, the content of the public sanctions is available on Legifrance.

Disclaimer: for any questions about the operation of a file and the help that the CNIL can provide you, please do not use the "Discussions" below, which are visible to all and reserved for exchanges on published datasets; use the Need help service (https://www.cnil.fr/en/cnil-direct) or contact the CNIL on 01 53 73 22 22.

To verify compliance with the Data Protection Act (and the GDPR since 25 May 2018), the CNIL has the option of controlling files recording personal data. This control may be exercised: - on site (on the premises of the person responsible for the file); - on convocation (on CNIL premises); - on documents (request for documents); - and, since 2014, online (website monitoring). Eight datasets are published: 1. number and types of checks carried out each year since 1990 (csv and xls); 2. lists of checks carried out, by year, from 2014 to 2022 (csv and xls).

Since the European Union's implementation of the General Data Protection Regulation (GDPR) in May 2018, numerous fines have been issued for violations or non-compliance. Of these, the fine of 1.2 billion euros received by Meta Platforms, Inc. in May 2023 has been by far the greatest. The company was issued such a penalty for personal data transfers to the United States without sufficiently complying with the EU regulation.

The President of the CNIL has the possibility to formal notice a data controller to take the necessary measures, within a period that it sets, to comply with the amended Data Protection Act and, from 25 May 2018, the General Data Protection Regulation (GDPR). The dataset presented concerns the number of formal notices notified each year since 2014 (and their public/non-public breakdown). In addition to the distribution of this game, the content of the public notices is available on Legifrance. Disclaimer: for any questions about the operation of a file and the help that the CNIL can provide you, please do not use the "Discussions" below, which are visible to all and reserved for exchanges on published datasets; use the Need help service (https://www.cnil.fr/en/cnil-direct) or contact the CNIL on 01 53 73 22 22.

List of properties licensed under the Council’s HMO Licensing Scheme. This list is updated on a monthly basis. Under section 232 of The Housing Act 2004 the London Borough of Barnet is required to maintain and make available a public register of licensed Houses in Multiple Occupations. An extract of the register is published on the Council’s website here. The dataset is not intended for marketing purposes and none of the individuals or organisations mentioned within this register have given their consent for such use. Companies wishing to use this data for commercial purposes, and marketing in particular, are advised to consider whether their use of this data complies with the UK General Data Protection Regulations (GDPR), Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003. Information Rights are upheld by the Information Commissioners Office, for further information, see the Information Commissioner’s Office website at ww.ico.org.uk. More information on Houses in Multiple Occupancy can be found on our website as well as on the council's Planning portal. You will need to select "Houses in Multiple Occupation" from the drop-down menu and click "Search":

Context

In May 2018, GDPR went into effect. Since then, the local european authorities (such as CNIL for France) issued fines to companies for non respect of the GDPR principles.

Content

A data referential of all known GDPR fines issued by european local authorities regarding GDPR reglementation.

This dataset includes the informed consent forms template used in the research projecte "WeAreHere!"(WaH) ["SomAquí!"] for children's questionnaire, for teachers' questionnaire and for advisory groups. Children under 14 years old doing the questionnaire or participating in the advisory groups needed also the consent of their parents (informed consent forms also included in this dataset). It also includes the image rights forms template for children under 14 years old and 14 and over. All the documents are in Catalan language, except the informed consent forms for parents, that have a Catalan and Spanish version. The informed consent forms have been designed according to the Organic Law 3/2018 on Data Protection and Guarantee of Digital Rights and the General Data Protection Regulation (GDPR) 2016/679 of the European Parliament and of the Council and have been approved by the Ethical Committee of the University of Girona (CEBRU0009-21).

In September 2024, the Irish Data Protection Commission fined Meta Ireland 91 million euros after passwords of social media users were stored in 'plaintext' on Meta's internal systems rather than with cryptographic protection or encryption. In May 2023, the EU fined Meta 1.2 billion euros for violating laws on digital privacy and putting the data of EU citizens at risk through Facebook's EU-U.S. data transfers. European privacy legislation is seen as being far stricter than American privacy law, and the sending of EU citizens’ data to the United States resulted in the record breaking penalty being issued to the tech giant. In January 2023, after it was discovered that Meta Platforms had improperly required that users of Facebook, Instagram, and WhatsApp accept personalized adverts to use the platforms, the company was issued a 390 million euro fine by the European Commission. EU regulators claim that the social media giant broke the General Data Protection Regulation (GDPR) by including the demand in its terms of service. In addition, Meta was fined 405 million euros by the Irish Data Protection Commission (DPC) in September 2022 for violating Instagram's children's privacy settings. In November 2022, the DPC fined Meta a further 265 million euros for failing to protect their users from data scraping. GDPR violations in 2022 Social media sites and companies are not the only types of online services upon which users' data can potentially be compromised. In 2022, the online service with the biggest fine for violating GDPR was e-commerce and digital powerhouse Amazon, which was issued a 746 million euro fine. Furthermore, in December 2021, Google was penalized 90 million euros for GDPR violations. What are the most common GDPR violations? Since GDPR went into effect in May 2018, fines have been imposed for a variety of reasons. As of June 2022, companies' non-compliance with general data processing principles accounted for the largest share of fines, resulting in over 845 million euros worth of penalties. Insufficient legal basis for data processing was the second most common violation, amounting to 447 million euros in fines.