A survey conducted in April and May 2023 among companies that do business in the European Union and the United Kingdom (UK) found that over half of the respondents, 53 percent, felt very prepared for the General Data Protection Regulation (GDPR). A further 35 percent of the companies believed they were moderately prepared, while 10 percent said they were slightly ready to comply with the EU and UK privacy legislations.

From 2020 to 2024, Germany's supervisory data privacy authorities had the highest number of full-time employees. The country has led throughout the measured period, accounting for nearly 1,100 full-time employees as of 2024. With a considerable difference, Poland ranked second, having 344 full-time employees working in the supervisory authority of data protection.

A survey conducted in April and May 2023 revealed that around 55 percent of the companies that do business in the European Union (EU) and the United Kingdom (UK) found it challenging to adapt to new or changing requirements of the General Data Protection Regulation (GDPR) or Data Protection Act 2018 (DPA). A further 45 percent of the survey respondents said it was challenging to increase the budget because of the changes in the data privacy laws.

In 2020, the UK reported the highest budget allocated to the national data protection authority (DPA). Its value reached 61 million euros. However, Germany could count on regional and federal budget amounting to 58.9 and 26.8 million euros, respectively.

DP (Data Protection Act) / SAR (Subject Access Request) - % Out of time - (YTD)

DP (Data Protection Act) / SAR (Subject Access Request) - I alt modtaget

DP (Data Protection Act) / SAR (Subject Access Request) - % In time - (YTD).

The Freedom of Information Act 2000 (FOI) was intended to promote a culture of openness and accountability by giving people the right to access information held by public authorities; to improve public understanding of duties, why decisions are made and how public money is spent.

A Subject Access Request (SAR) is a written request that entitles individuals to find out what personal data is held about them by an organisation, why the organisation is holding it and who their information is disclosed to by that organisation.

Since the entry into force of the General Data Protection Regulation (GDPR), on 25 May 2018, only digital processing of the most sensitive personal data must be subject to prior formalities with the CNIL.

These formalities may take the form of simplified declarations (declarations of conformity with a reference framework proposed by the CNIL), requests for an opinion (for the sovereign activities of the State) or applications for authorisation (in the field of health). To find out more: cnil.fr.

In accordance with the amended Data Protection Act (Article 36), the CNIL keeps available to the public the list of these formalities in an open and easily reusable format, known as “List article 36”.

** Warnings:**

1/The published data are the result of the prior formalities completed, since May 25, 2018, by the controllers of personal data processing at the CNIL, via its dedicated teleservices. The CNIL cannot be held responsible for their content.

2/The processing carried out on behalf of the State may not appear in the dataset, the formalities having been completed in the form of requests for an opinion on a draft regulatory act (decree or decree) not submitted via the teleservices mentioned. The information relating to these treatments is available on Legifrance, the opinion of the CNIL being published with the act authorising the treatment (to access the deliberations of the CNIL: https://www.legifrance.gouv.fr/initRechExpCnil.do). In addition, some important treatments are subject to fiches on the CNIL website.

3/Exceptionally exempted from the publication of the regulatory act authorising them (decree or decree) are not included in the published data set, in accordance with article 36 of the amended Data Protection Act. The treatments referred to in Article 30 I and II may be exempted, by decree in the Council of State, from the publication of the regulatory act which authorises them. These treatments are mentioned in Decree n°2007-914 of 15 May 2007.

🇬🇧 영국

Dataset on commits (and repositories) on GitHub making reference to data privacy legislation (covering laws: GDPR, CCPA, CPRA, UK DPA).

The dataset contains:
+ all_commits_info_merged-v2-SHA.csv : commits information as collected from various GitHub REST API calls (all data merged together).
+ repos_info_merged_USED-v2_with_loc.csv: repository information with some calculated data.
+ top-70-repos-commits-for-manual-check_commits-2coders.xlsx: results of the manual coding of the commits of the 70 most popular repositories in dataset.
+ user-rights-ω3.csv: different terms for user rights teriminology in legislation.
+ github_commits_analysis_replication.r: main analysis pipeline covering all RQs in the R programming language.

In order to perform also the initial data collection, the GitHub REST API can be used, collecting data using time intervals, for instance:
https://api.github.com/search/commits?q=%22GDPR%22+committer-date:2018-05-25..2018-05-30&sort=committer-date&order=asc&per_page=100&page=1

This dataset accompanies the following publication, so please cite it accordingly:

Georgia M. Kapitsaki, Maria Papoutsoglou, Evolution of repositories and privacy laws: commit activities in the GDPR and CCPA era, accepted for publication at Elsevier Journal of Systems & Software, 2025.

DP (Data Protection Act) / SAR (Subject Access Request) - Total Reçu - (YTD)

The number of cases where the local prosecutor's office has determined a violation of the Personal Data Protection Act- by type of crime and gender.

DP (Data Protection Act) / SAR (Subject Access Request) - Total Received - (YTD)

Eindhoven open data principles a. Data in the public space (hereafter: “data”) belongs to everyone. This data is public good. Data that is collected, generated or measured (for example by sensors placed in public space) must be made available so that everyone can use it for commercial and non-commercial purposes. However, a privacy and security consideration must be made. b. Data may contain personal data. This data can therefore affect people's lives. The rules of the Personal Data Protection Act apply to this. This data must only be made available after this data has been processed in such a way (for example, anonymised or aggregated) that there are no longer any privacy risks. c. Data that does entail privacy or security risks may only be processed within the framework of privacy legislation. Storage and processing of data must be carried out in accordance with existing legislation. d. Data that does not (any longer) contain personal data must be placed in such a way that everyone has equal access to that data (for example via an Open Data portal). We call this opening up data. No technical or legal barriers are raised that make access to data impossible, restrict or discriminate. e. Data is always made available free of charge, without unnecessary processing (where possible in the raw form) and according to functional and technical requirements to be determined. f. A distinction is made with personal data (such as an e-mail address or payment details) which are collected with the conscious knowledge and after explicit consent of individuals. Use of this data is determined by an agreement between the parties involved within the framework of privacy legislation (such as a user agreement). g. The municipality always has insight into which data is collected in the public space, regardless of whether or not the data can be made public. h. The municipality remains in dialogue with the parties that contribute to the data infrastructure in the city and strives to create earning opportunities and a fertile economic climate.

Deep Packet Analysis Market Outlook

The global market size for Deep Packet Analysis (DPA) is projected to reach USD 8.5 billion by 2032, up from USD 3.9 billion in 2023, reflecting a compound annual growth rate (CAGR) of 8.5%. This robust growth can be attributed to the increasing need for enhanced network security, traffic management, and data loss prevention across various industries. Amidst rising cyber threats and the exponential growth of data traffic, DPA solutions have become an essential component of modern cybersecurity infrastructure.

One of the primary growth factors for the DPA market is the escalating concerns over network security. With the surge in sophisticated cyber-attacks and data breaches, organizations are increasingly adopting DPA to inspect and analyze network traffic at a granular level, thereby identifying and mitigating potential threats in real-time. In addition, regulatory compliances and the need to protect sensitive data are further propelling the demand for DPA solutions, especially in sectors like BFSI and healthcare where data protection is paramount.

Another significant driver of market growth is the rapid expansion of network traffic due to the proliferation of connected devices and the Internet of Things (IoT). As the volume and complexity of network traffic continue to grow, traditional packet analysis methods are becoming insufficient. DPA, with its capability to delve deeper into packet contents, offers a more comprehensive analysis, thereby ensuring better network performance and traffic management. This is particularly crucial for IT and telecommunications sectors that deal with massive amounts of data daily.

Additionally, the advent of cloud computing and the increasing adoption of cloud-based solutions are providing a significant boost to the DPA market. Cloud deployment offers scalability, flexibility, and cost-effectiveness, making it an attractive option for organizations of all sizes. The ability to deploy DPA solutions in the cloud allows enterprises to efficiently manage and secure their networks without the need for substantial upfront investments in hardware.

Regionally, North America holds the largest share of the DPA market, driven by the presence of major technology companies, high adoption rate of advanced technologies, and stringent data security regulations. However, the Asia Pacific region is anticipated to witness the highest growth rate during the forecast period. The rapid digital transformation, increasing cybersecurity threats, and growing investments in IT infrastructure in countries like China, India, and Japan are key factors contributing to this growth.

Component Analysis

The DPA market is segmented by components into software, hardware, and services. The software segment dominates the market, driven by the increasing need for advanced analytics and real-time threat detection. DPA software solutions offer sophisticated algorithms and machine learning capabilities to analyze complex network traffic patterns, making them indispensable for modern cybersecurity strategies. The flexibility and scalability of software solutions also make them favorable for organizations looking to enhance their network security without substantial hardware investments.

On the other hand, the hardware segment also plays a crucial role in the DPA market, particularly for enterprises that require on-premises solutions. Hardware-based DPA solutions provide high-performance packet processing capabilities, essential for handling large volumes of data traffic. These solutions are often preferred by organizations with stringent security requirements and those that need to maintain complete control over their network infrastructure. Additionally, advancements in hardware technology, such as the development of high-speed network processors, are enhancing the efficiency and reliability of hardware-based DPA solutions.

The services segment encompasses a range of offerings, including consulting, deployment, and managed services. As organizations increasingly recognize the complexities involved in implementing and managing DPA solutions, the demand for professional services is on the rise. Consulting services help organizations tailor DPA solutions to their specific needs, while deployment services ensure smooth and efficient integration with existing network infrastructure. Managed services, on the other hand, provide ongoing support and maintenance, allowing organizations to focus on their core business operations while ensuring robust network security.

Prior to the entry into force of the General Data Protection Regulation (GDPR) on 25 May 2018, the Data Protection Correspondent (CIL) was responsible for ensuring compliance with the Data Protection Act within the company, group, association or administration that had designated it.

This designation was optional.

The CNIL publishes the list of private and public bodies that wished to engage in a compliance process by designating a CIL prior to the establishment, by the GDPR, of the DPO.

India Data Center Physical Security Market size was valued at USD 63.41 Billion in 2024 and is projected to reach USD 234.52 Billion by 2032, growing at a CAGR of 17.7% from 2026 to 2032.

India Data Center Physical Security Market Drivers

Exponential Growth of Data: The rapid digitalization across industries in India, fueled by e-commerce, digital payments, social media, and cloud adoption, is generating massive amounts of data. This necessitates robust data center infrastructure and, consequently, stringent physical security measures. Increasing Cloud Adoption: The surge in cloud computing services in India requires secure data centers to house sensitive information. Cloud service providers are investing heavily in physical security to ensure the safety and integrity of their infrastructure. Government Initiatives and Digital India Program: The Indian government's focus on digitalization through initiatives like Digital India is driving the need for secure data centers to support e-governance, digital services, and data localization efforts. Stringent Regulatory Compliance: Regulations like the Information Technology Act, 2000, and the upcoming Digital Personal Data Protection Act mandate robust security measures for data centers handling sensitive information, including physical security. Rising Cyber Threats and Data Breaches: The increasing sophistication and frequency of cyberattacks highlight the importance of a layered security approach, where physical security acts as the first line of defense against unauthorized access and tampering.

EU:n yleistä tietosuoja-asetusta sovelletaan 25.5.2018 alkaen kaikissa EU-maissa. Tietosuoja-asetus korvaa tämänhetkisen henkilötietojen käsittelyä koskevan lainsäädännön kansallista liikkumavaraa lukuun ottamatta. Vielä hallituksen esityksenä oleva kansallinen tietosuojalaki tulee Suomessa vastaamaan yleislakina tähän tarpeeseen. Kun henkilötietojen käsittely todennäköisesti aiheuttaa luonnollisen henkilön oikeuksien ja vapauksien kannalta korkean riskin, on rekisterinpitäjän toteutettava tietosuojaa koskeva vaikutustenarviointi eli arvioitava henkilötietojen käsittelyn vaikutukset henkilötietojen suojalle. Arvioinnissa tulee myös puuttua havaittuihin riskeihin toteuttamalla riittävät suojakeinot riskien pienentämiseksi tai poistamiseksi. Tämän lisäksi tietosuoja-asetuksessa on omaksuttu yleinen riskiperusteinen lähestymistapa; tietosuoja-asetuksen velvoitteet ja asianmukaiset suojatoimet tulee suhteuttaa henkilötietojen käsittelystä aiheutuvaan riskiin. Riskiperusteinen lähestymistapa ohjaa rekisterinpitäjiä kokonaisvaltaiseen tietosuojariskien huomiointiin ja tukee osoitusvelvollisuuden toteuttamista. Opinnäytetyö on tulkintalainopillinen tutkielma, jonka empiirisessä osassa käytettiin laadullisena menetelmänä avoimia haastatteluja. Työn tavoitteena oli perehtyä vaikutustenarviointiin liittyvään sääntelyyn ja ohjaukseen sekä tunnistaa henkilötietojen käsittelyyn liittyviä riskejä ja niiden vaikutuksia luonnollisen henkilön oikeuksiin ja vapauksiin. Työn tarkoituksena oli laatia selkeä ja ymmärrettävä kooste sääntelyn perusteista ja ajanmukaisesta tulkintaohjeistuksesta. Työn oheismateriaalina tuotettiin toimeksiantajan käyttöön ohje vaikutustenarviointien laatimiseksi sekä tietosuojan riski- ja vaikutusanalyysi yleisimmistä riskeistä. Opinnäytetyö sisältyy toimeksiantajan laajempaan prosessiin tietosuoja-asetuksen velvoitteiden implementoimiseksi tämän hallintoon. Vaikutustenarvioinnin sääntely on uutta. Se antaa raamit, mutta jättää rekisterinpitäjälle laajasti tulkinnanvaraa vaikutustenarviointien käytännön toteuttamisesta. Myös kansallinen lainsäädäntö ja ohjaus ovat vielä keskeneräiset. Yhdessä oikeuskäytännön kanssa ne määrittelevät aikanaan vaikutustenarvioinnin sääntelyn tarkemman tulkinnan. Uudet teknologiat, käytännesäännöt, menetelmät ja toimijoiden väliset yhteistyömuodot tarjoavat monenlaisia lähestymistapoja vaikutustenarviointien tutkimiseen jatkossa. The General Data Protection Regulation (GDPR) applies from 25 May 2018 in all EU countries. It replaces the current legislation on processing personal data, with the exception of national margins. In Finland, national Data Protection Act will respond to this need. Where processing operations are likely to result in a high risk to the rights and freedoms of natural persons, the data controller or the data processor should carry out a data protection impact assessment (DPIA) to evaluate the risk. A DPIA must be a genuine risk assessment, which allows data controllers not only to identify, but also to take measures to address the risks. The risk-based approach embodied by the GDPR guides the data controllers to relate the obligations of the GDPR and appropriate safeguards to the risk of processing personal data. The risk-based approach will guide the data controllers to take full account of the data protection risks and support them demonstrating compliance (accountability). The aim of this thesis was to orient on the regulation and guidance available on DPIAs and to identify the risks related to the processing of personal data and their impacts on the rights and freedoms of natural persons. The purpose of the thesis was to produce a comprehensible summary of the regulation and the latest interpretation guidelines of DPIA. As an appendix to the thesis, the commissioner was provided with a DPIA summary and a simple risk and impact analysis exemplifying the most common risk factors and their impacts on a data subject. The appendices are not to be published. The thesis with the complementary material is part of the commissioner’s process of implementing the obligations of the data protection regulation in their administration. National legislation and guidance or best practices for carrying out DPIAs are not yet available. The regulation offers the framework, but leaves the data controller in charge of the implementation. The national general law with the guidance of the supervisory authority and the case law will determine a more precise interpretation of the regulation in due course. New technologies, codes of conduct, methods and forms of cooperation between actors will provide a wide range of approaches in studying data protection impact assessments in the future.