GDPR fines Crowe

Violations of GDPR - previous fines

GDPR fines Crowe
According to the report of the European Data Protection Board (EDPB), in 2019 further penalties are expected for violation of GDPR. By May, out of over 200,000,000 reported personal data security breaches from 31 European countries, just over half of them had been investigated by national data protection authorities (52%).

The EDBP points out that the sanctions granted so far are in most cases much lower than their maximum statutory amount. By May a total of 110 entities had been fined (including two Polish companies), and the average fine amounted to EUR 66,000. According to the EDBP, we may expect higher fines in the coming months.

In Poland, in May 2019, more than 160 acts were amended, including the Labour Code, in order to adjust them to the Code of Ethics. This put the companies before the obligation to adjust their processes to the new requirements and the need to systematically monitor personal data protection.

In the case of determining the level of sanctions, the authorities responsible for personal data protection take into account, among other things, the following:

  • the number of victims and the extent of damage
  • the purpose and scope of the processing of the data breached
  • nature of the infringement (unintentional or intentional)
  • corrective action taken
  • cooperation with the national data protection authorities (UODO or its equivalents in other countries)
  • whether the product or service has already been protected in terms of data protection at the design stage
  • whether the data were protected both technically and procedurally.

Find out if your company is GDPR compliant

Personal data protection

Contact our expert