London, Zagreb March 20th 2020
Croatian Privacy portal and Newsletter GDPR Novosti and Ostendo Consulting Group published today final results of the independent research on EU data protection authorities’ (DPA) activities in 2019. Report is available in English and Croatian language.
Results are presented to public and sent to EDPB (European Data Protection Board) and all EU DPAs.
Expected GDPR fine is up to 1% of annual revenue
Out of 27 EU countries, DPAs from 20 participated in this research. For significant infringements, based on the received responses, organisations can expect fine to be around 1% of annual income, or ¼ of maximum fine DPA can impose.
Lower fines for banks
GDPR application consistency analysis resulted in conclusion that DPAs have developed a consistent approach in calculating fines across the EU and different industries, with exception of financial sector in which fines seem to be significantly lower compared to other industries, taking into account impact to data subject and other elements such as intention, duration, level of cooperation, amount of data etc.
Regarding the infringements fines are imposed for, the survey found an close to equal representation of: vilation of data subject’s rights, unlawful processing of personal data and inadequate technical and organizational security measures with the latter increasing as supervisory bodies acquire competences in the field of information security.
Organisations still do not understand the difference between paper based and real GDPR compliance
Analysis of the root causes for organizations to violate this fundamental human right guaranteed by the EU constitution, shows that many organizations still do not understand the difference between “paper” based and the real protection of personal data.