Data Protection Academy » Data Protection News » DSK data protection fine concept
DSK data protection fine concept
While other European countries and their supervisory authorities have already enforced very high fines since the entry into force of the General Data Protection Regulation (GDPR), the German supervisory authorities have been reluctant - until now!
With the calculation model for fines, many experts expect higher fines. Since 16 October, the concept has been published by the Conference of Independent Data Protection Supervisors of the Federal Government and the Länder (DSK).
Background data protection fine concept
Since the entry into force of the GDPR In May 2018, numerous fines were already enforced against data protection violations. So far, however, the calculation of the fines has been rather non-transparent and not very comprehensible. For this reason, the European supervisory authorities and the European Data Protection Board (EDSA) are working on concepts for fines to ensure more transparency.
The German concept of fines was developed as a reaction to the model of the French data protection authority CNIL, which seemed too incomprehensible and too case-specific to the German supervisory authorities. As a result, the German model was developed with considerably more comprehensive calculation steps. The German fine model was presented to the Task Force Fining of the European Data Protection Board (EDPB) and met with interest. In particular, as the concept would ensure a systematic, transparent and comprehensible calculation of fines.
Content of the data protection fine concept
The calculation of the fines is essentially based on 5 assessment criteria, which are defined in the DSK's concept will be explained in more detail.
Calculation criteria:
- The enterprise concerned is first allocated to a size class.
- The average annual turnover of the size class subgroup is determined.
- A basic economic value (daily rate) is then determined.
- Depending on the gravity of the circumstances of the crime, the basic value is multiplied by a factor.
- Finally, the value determined is adjusted if there are other circumstances to be taken into account.
Higher fines also expected in Germany
While European neighbours have long since levied fines in the millions, the German supervisory authorities have remained comparatively cautious. The first significantly higher fine was enforced by the Berlin supervisory authority in October against Delivery Hero. According to the Federal Data Protection Commissioner Ulrich Kelber, more are to follow:
"The restraint of the data protection authorities will of course also become less and less [...] there will soon be fines 'in the millions' in Germany too.
The fine system is designed in such a way that it is likely to result in very high fines for larger companies. There is therefore a high risk, especially for groups with subsidiaries. It would be possible that these very cases could end up in court and be subsequently adjusted.
External Data Protection Officer
You are welcome to contact us as external data protection officer (DPO) order. We also offer individual consulting services as well as audits and will be happy to provide you with a non-binding offer. You can find more information about our external data protection officers on our website.
Notes on the use of the fine concept
DSK's concept focuses exclusively on the enforcement of data protection fines against companies. The concept does not apply to associations or natural persons outside their economic activities. Furthermore, the concept is not binding on cross-border cases, other European supervisory authorities or courts.
As soon as the European Data Protection Board (EDPA) calculates its own concept for the calculation of data protection fines, the concept of the DPC loses its validity.
Do you have specific questions about data protection or would you like professional advice? Our data protection experts are there for you throughout Germany! Come to us!
- COVID-19 and data protection - March 25, 2020
- Data protection in the USA - part 3 of the delegation visit - December 6, 2019
- Data protection in the USA - part 2 of the delegation visit - December 3, 2019
This might interest you too:
https://media.robin-data.io/2020/05/29101239/Whatsapp.jpg
343
685
Caroline Schwabe
https://media.robin-data.io/2022/07/05140916/Robin-Data_ComplianceOS_white_logo.png
Caroline Schwabe2021-05-15 11:17:202022-12-06 14:13:52WhatsApp and privacy
https://media.robin-data.io/2022/07/05140916/Robin-Data_ComplianceOS_white_logo.png
0
0
Ulrich Hottelet
https://media.robin-data.io/2022/07/05140916/Robin-Data_ComplianceOS_white_logo.png
Ulrich Hottelet2020-02-18 11:25:142024-10-24 13:57:03Privacy issues in 2020: Interview with the BfDI office
https://media.robin-data.io/2022/05/23150307/Betroffenenrechte.jpg
343
685
Caroline Schwabe
https://media.robin-data.io/2022/07/05140916/Robin-Data_ComplianceOS_white_logo.png
Caroline Schwabe2019-12-09 10:53:282022-09-21 09:07:31GDPR ruling video surveillance medical practice
