16 C
London
Friday, September 20, 2024
HomeUncategorizedGDPR violation - Record 14.5 million euro fine imposed

GDPR violation – Record 14.5 million euro fine imposed

Date:

Related stories

UPES Appoints Prof. Bhaskar Bhatt as the New Dean of the School of Design

UPES today announced the appointment of Prof. Bhaskar Bhatt...

Sightsavers India and Authors of Scaling Small Businesses Unite for Social Impact

Sightsavers India is excited to announce a unique collaboration...

Novotel Hyderabad Airport Unveils Seafood Nights: A Gourmet Delight Every Saturday

Novotel Hyderabad Airport unveils Seafood Nights to raise the...

GDPR violations can prove expensive, something which one real estate firm recently had to learn the hard way when it received a fine to the tune of 14.5 million euros.

The EU General Data Protection Regulation – GDPR for short – is supposed to afford better protection to sensitive personal data. For businesses, this means stricter data protection standards. GDPR violations may be met with tough sanctions. We at the commercial law firm MTR Rechtsanwälte https://www.mtrlegal.com/en.html note that fines of up to 20 million euros or up to 4 percent of global annual turnover can be imposed.

One real estate firm recently learned the hard way that these are not empty threats. The company received a fine at the end of October in the amount of 14.5 million euros from Berlin”s Commissioner for Data Protection and Freedom of Information, the Berliner Beauftragte für Datenschutz- und Informationsfreiheit. The reason: The company used an archive system for storing tenants” personal information which did not allow data that was no longer necessary to be deleted. The data was being stored without checking whether its storage was legitimate and necessary. It was established, for instance, that data was being stored relating to personal and financial circumstances, payslips, voluntary declarations, account statements, etc.

The firm had already been strongly advised during an initial audit in 2017 to change the archive system. However, by the time of the second audit in March of 2019, little had changed apart from preparations by the company to address the shortcomings; too little to reach a state of legal compliance.

There were therefore compelling reasons to impose a fine according to Berlin”s Commissioner for Data Protection. The GDPR requires supervisory authorities to ensure that fines are effective and proportional in individual cases. The starting point for assessment is the turnover achieved in the previous year. For the purposes of reaching a specific determination, all incriminating and extenuating factors are taken into account. Incriminating factors in this case were that the real estate firm had deliberately created the archive structure and that the relevant data was being unlawfully processed over an extended period of time. On the other hand, the fact that the company had taken initial measures to address the shortcomings was considered an extenuating factor mitigating what could otherwise have been a significantly higher fine.

The decision demonstrates that supervisory authorities do not consider GDPR violations a trivial offense and are instead liable to clamp down. Experienced lawyers can advise on data protection issues.

https://www.mtrlegal.com/en/legal-advice/it-law.html

Subscribe

- Never miss a story with notifications

- Gain full access to our premium content

- Browse free from up to 5 devices at once

Latest stories