
New Criteria for GDPR Fines Determined by the CJEU
1 min read

The European Court of Justice has refined the application of the GDPR, offering important insights for data protection enforcement.
🔹 𝐊𝐞𝐲 𝐔𝐩𝐝𝐚𝐭𝐞𝐬:
- Fine Issuance Criteria: Clear parameters for when GDPR fines are applicable.
- Fine Calculation Methods: A new formula to determine monetary penalties.
- Joint Controllership Conditions: Guidelines for establishing shared data management responsibilities.
- Fine Amounts: A structured approach to decide on penalty figures.
🔍 𝐂𝐚𝐬𝐞 𝐁𝐚𝐜𝐤𝐠𝐫𝐨𝐮𝐧𝐝:
Triggered by queries from Lithuanian and German courts concerning Covid-19 data handling and tenant information storage, the CJEU's interpretation of Article 83 of the GDPR has led to these updates.
💡 𝐂𝐉𝐄𝐔'𝐬 𝐈𝐧𝐬𝐢𝐠𝐡𝐭𝐬:
- Fines for Misconduct: Only applicable if data controllers act with malice or negligence.
- Broad Liability: Inclusivity of legal entities, regardless of individual breach awareness.
- Subcontractor Responsibility: Fines reflect the entire enterprise group's turnover.
These developments are crucial for GDPR-compliant entities, underscoring the importance of adherence for effective compliance and risk management.