In October 2019, the German Data Protection Authorities ("DPAs") published guidelines on how they are going to determine the amount of a fine in case of a violation of the GDPR. The guidelines explain the concept applied by the German DPAs when determining an appropriate fine.

According to the press release, the concept was discussed on a pan-European level and may be amended or revised once Europe-wide guidelines are released by the European Data Protection Board. Only recently, the Berlin DPA issued a fine of EUR 14.5 million for unjustified retention of customer data.

Explore More Insight