Herzlich willkommen!
Im Workplace Blog schreiben wir über Themen aus der Workplace Law und HR Welt: Wir besprechen wichtige Gerichtsentscheidungen, nehmen uns Glaubenssätze vor, geben praktische Tipps und vieles mehr…
Unser Workplace Blog lebt von Ihren Kommentaren und Feedback. In diesem Sinne freuen wir uns auf den Austausch mit Ihnen!
Ihr PWWL-Redaktionsteam
According to the GDPR, supervisory authorities can impose significant fines in case of data breaches. They must be “effective, proportionate and dissuasive”. They have to be imposed on a case-by-case-basis, but can reach up to € 20 million or in the case of undertakings 4% of the annual worldwide turnover, whichever is higher. It is important to note that undertaking in this respect refers to any economic unit, which engages in economic activities, regardless of the legal person involved.
During the last year, fines were imposed at different levels all over Europe. The French supervisory authority imposed one of the higher fines (€ 50 million) against Google, whereas Germany tends to hold back so far. Recently, the Data Protection Authority of Berlin imposed a fine of € 195,000 against a delivery service, which is rather high by German standards. The company did not delete accounts of former customers, even though those data subjects had not been active on the company’s delivery service platform for years. In addition, former clients had complained about unsolicited advertising emails even after having expressly objected as well as about a violation of subject access requests.
German supervisory authorities have now published a set of guidelines on the imposition of fines against undertakings to ensure a uniform and consistent administrative practice across Germany.
According to the guidelines, the imposition of fines will take place in five steps, which in essence take into account the company’s total worldwide annual turnover of the preceding year and the gravity of the circumstances of the offence. The worldwide annual turnover serves as a basis, from which a daily rate is derived. This rate will be multiplied by a factor depending on the gravity of the offence, ranging from 1 to 4 for a minor infringement to a factor of more than 12 for a very serious offence. In a final step, the amount will be adjusted taking into consideration all the circumstances in favor of and against the company. It is expected that the amount of the fines will now start to increase – we will have to wait and see and of course, we will keep you updated.
