General Data Protection Regulation - GDPR

The General Data Protection Regulation (GDPR) came into force in May of 2018 with the goal of ensuring that personal data is effectively protected. Violations of the GDPR can lead to heavy fines. For businesses, this means stricter requirements for data protection compliance.

  • Fending off administrative fines
  • Noncompliance and claims for damages
  • Implementing data protection guidelines

The aim of the General Data Protection Regulation, which entered into full force on May 25, 2018, is to standardize data protection within the European Union and to better safeguard sensitive personal data. Businesses that collect, store, and process data now face new challenges when it comes to dealing with the personal data of their clients, customers, and employees. In order to achieve higher standards of protection for personal data, the supervisory authorities are able to impose hefty administrative fines in response to GDPR violations.

Fines for noncompliance

The national supervisory authorities have the power – or rather, the obligation – to respond to GDPR violations by issuing orders to put an end to the noncompliance and ensure the processing of sensitive personal data conforms to legal requirements. The authorities are also able to impose significant fines, the value of which depends on various factors such as the severity of the offense and whether the underlying behavior was intentional or negligent. These should be proportionate but also serve as a deterrent, with offenders potentially incurring fines of up to 20 million euros or up to 4 percent of annual worldwide turnover.

The supervisory authorities must decide on a case-by-case basis what level of fine to impose. Fines may be higher if the violation was intentional or if appropriate measures were not taken to mitigate the damage caused. Likewise, companies are expected to cooperate with the supervisory authorities in order to avoid a more severe penalty.

Particularly egregious violations within the meaning of Art. 83(5) of the GDPR can see companies facing fines of up to 20 million euros or up to 4 percent of their worldwide annual turnover. Even less serious violations as defined in Art. 83(4) of the GDPR can result in fines of up to 10 million euros or up to 2 percent of global annual turnover being imposed.

Claims for damages due to noncompliance

In addition to fines, failure to comply with the GDPR can also give rise to claims for damages brought by those affected by the data protection breaches. The value of the claim for damages should also be significant. Companies are especially likely to be faced with large claims if several persons are affected by the violation. At the same time, the company may be entitled to claim damages against its managing director or other persons in positions of responsibility.

Legal counsel

The potential extent of the fines shows that violations of the GDPR are not a trivial offense. They are intended to act as a deterrent and may even threaten the company's ongoing existence. It is essential for companies that find themselves accused of having breached data protection laws to seek expert legal advice. Doing so could possibly see the accusation refuted or at least the penalty reduced.

The risk of GDPR violations can be kept to a minimum through comprehensive data protection compliance and/or with the help of a data protection officer.

Make an appointment at one of our locations in Cologne, Berlin, Dusseldorf, Frankfurt, Hamburg, Munich or Stuttgart!
MTR Koeln
Konrad Adenauer Ufer 83
50668 Cologne
+49 221 9999220
MTR Berlin
Upper West
Kurfürstendamm 11
10719 Berlin
+49 30 56849999
MTR Bonn
Rabinstraße 1
53111 Bonn
+49 228 92959978
MTR Dueselldorf
Fürstenwall 172
40217 Düsseldorf
+49 211 99339944
MTR Frankfurt
Wiesenhüttenplatz 25
60329 Frankfurt am Main
+49 69 90283999
MTR Hamburg
Domstraße 10
20095 Hamburg
+49 40 42237992
MTR Muenchen
Highlight Towers
Mies-van-der-Rohe-Straße 6
80807 Munich
+49 89 70809904
MTR Stuttgart
Lautenschlagerstraße 23a
70173 Stuttgart
+49 711 98809964
Do you have any questions?
Make an appointment at one of our locations in Cologne, Berlin, Dusseldorf, Frankfurt, Hamburg, Munich or Stuttgart!