Data Protection Agencies and GDPR fines 2020
March 5, 2020 | GDPR
GDPR fines 2020: See how they affect your business and whether you need to curb the loss. The EU and Data Protection Agencies are actively trying to increase awareness of the subject.
Are you subject to the fines though?
The EU’s General Data Protection Regulation was crafted to empower EU citizens to control the flow of their personal data. Whether that data is used for business marketing purposes, research or product improvement, EU citizens are entitled to control the usage and collection of information relating to them.
According to Article 83, Data Protection Agencies have jurisdiction over the enforcement of the EU GDPR. Data Protection Agencies have refined their procedures, actions and behaviour over time to enforce the law more adeptly.
Article 83 dictates the legal penalisation of noncompliance with the EU GDPR. The penalty has a two-tiered fine structure, whereby relatively minor infringements are “subject to administrative fines up to €10 million, or in the case of an undertaking, up to 2 per cent of the total worldwide annual turnover of the preceding financial year, whichever is higher”, and the serious ones are “subject to administrative fines up to €20 million, or in the case of an undertaking, up to 4 per cent of the total worldwide annual turnover of the preceding financial year, whichever is higher.”
Over time the application of the EU GDPR has improved and become apparent among businesses operating in the EU. Here is some greater insight on how it can affect your business. We look at the EU GDPR and the Dutch DPA to analyze the penalties that may be categorised as GDPR Fines 2020.
#1 EU GDPR Fines 2020: Greater Fine Possibilities
The Polish data protection agency, known as the UODO, issued its first GDPR fine on March 26 last year: a fine of €220,000 to an unnamed firm. This firm intentionally violated the GDPR by revealing public data of about six million Polish citizens, including their names, email addresses, telephone numbers, and addresses, but it only obtained consent from 90,000 data subjects for the use of the information.
This was one of the earliest precedents of the EU GDPR law enforcement in terms of consent collection.
#2 Reduction of EU GDPR Fines 2020 Via Cooperation
Knuddels.de of Germany was involved in a data breach that exposed 330,000 users’ email addresses in September 2018. Knuddels took steps to resolve the situation, setting a good standard for data breach management. These steps included informing its users of the breach, temporarily deactivating the affected accounts, reporting the breach to the data protection agency and ensuring the improvement of the security of its platform.
In response, the LfDI penalised them with a fine of €20,000, which in the face of the “exemplary cooperation” and transparency was a lighter punishment than it would have been otherwise.
#3 The Fines Do Not Spare Any Businesses
The EDPB shared its preliminary report examining the initial implementation of the GDPR. The report put the fine revenue of the EU GDPR at €55,955,871, but about 90 per cent of this revenue was derived from a single €50 million fine that Google received from CNIL, the French data protection agency.
This major case study shows that no company, no matter how big or small, is allowed to be in breach of the EU GDPR.
#4 Future of EU GDPR Fines 2020
The Dutch framework (in Dutch) is a clear framework for the application of the EU GDPR and its future. It is divided into four categories of violations. There is an actionable “default” fine for each category.
Category I applies to relatively simple or clerical violations. This is an accidental error or violation that may not be a major compliance failure.
Category II refers to when a company does not fulfil specific GDPR requirements regarding data processing. This is a failure to comply with the basic principles in any sense.
Category III violations refer to a company’s refusal to be transparent, and failures to manage data breaches.
Category IV violations are the most severe. These include other exploitative and unlawful data processing and storage practices.
The UK’s ICO has capped the penalties for violating the ePrivacy Directive at £500,000. But activities that fall in the scope of both the GDPR and the ePrivacy Directive are subject to greater penalties than this limit.
If you wish to prepare for the inevitable implementation of stricter GDPR practices, you can try our GDPR Toolkit to help you assess and improve your current performance.