Saturday 14 September 2019

New Calculation Model for Data Protection Fines in Germany

In June, the conference of the German Data Protection Authorities (Datenschutzkonferenz) approved a concept for the calculation of GDPR fines by a majority of 16, with only one abstention (Minutes of the meeting, cf. TOP 16 – in German). According to the Minutes, the concept was also presented at a meeting of the European Data Protection Board and was regarded by its members as more transparent than others (apparently, the CNIL’s). The German concept has not been published, but it has reportedly already been applied by a number of DPAs. Now the press has obtained information about the scheme of the calculation:

In a first step, the fine is calculated in daily rates derived from the worldwide company turnover of the previous year. The daily rate is multiplied by a factor which depends on the seriousness of the breach and is determined by the application of a scoring system. The sum is then reduced or increased depending on the degree of fault and on whether there have been any previous breaches. Three or more previous breaches can lead to a surcharge of 300 per cent. Mitigating factors will also be taken into account, e.g. a swift response to a breach to protect the affected data subjects, and a company’s willingness to cooperate with the Data Protection Authority.
