New Criteria for GDPR Fines Determined by the CJEU

The European Court of Justice has refined the application of the GDPR, offering important insights for data protection enforcement.

🔹 𝐊𝐞𝐲 𝐔𝐩𝐝𝐚𝐭𝐞𝐬:

• Fine Issuance Criteria: Clear parameters for when GDPR fines are applicable. • Fine Calculation Methods: A new formula to determine monetary penalties. • Joint Controllership Conditions: Guidelines for establishing shared data management responsibilities. • Fine Amounts: A structured approach to decide on penalty figures.

🔍 𝐂𝐚𝐬𝐞 𝐁𝐚𝐜𝐤𝐠𝐫𝐨𝐮𝐧𝐝:

• Triggered by queries from Lithuanian and German courts concerning Covid-19 data handling and tenant information storage, the CJEU’s interpretation of Article 83 of the GDPR has led to these updates.

💡 𝐂𝐉𝐄𝐔’𝐬 𝐈𝐧𝐬𝐢𝐠𝐡𝐭𝐬:

• Fines for Misconduct: Only applicable if data controllers act with malice or negligence. • Broad Liability: Inclusivity of legal entities, regardless of individual breach awareness. • Subcontractor Responsibility: Fines reflect the entire enterprise group’s turnover.

These developments are crucial for GDPR-compliant entities, underscoring the importance of adherence for effective compliance and risk management.