The Handlsblatt report the authorities first fines for violations of GDPR (DSGVO) by the various DPAs in the German Federal States. :
Nationwide, fines have been issued in 41 cases because of DSGVO violations. Especially small companies are apparently unprepared for the new rules. “Most fines were imposed by North Rhine-Westphalia (33), followed by Hamburg (3) and Baden-Württemberg and Berlin (2 each) and Saarland (1). Alone at the Bavarian State Office for Data Protection Supervision (BayLDA), which monitors the observance of data protection law in private business enterprises, in freelancers, in associations and associations as well as on the internet, currently 85 fine proceedings are under the GDPR.”
“The large number of consultation requests and the explicit complaints indicate that there has been an increased awareness.” In this respect one could say: “The DSGVO has been effective with regard to those affected.” There are serious deficiencies in the data processing information.
According to the Hamburg data protection Authority, Johannes Caspar, “a lot has changed for the better in companies as well“. Awareness of data protection and understanding of one’s own responsibility for the processing of data has increased significantly. For example regarding the appointment of data protection officers or the creation of processing directories and data protection statements.
“In this respect, this improved awareness is certainly one of the most important changes by the GDPR,” according to Johannes Caspar. “The huge increase in consultancy shows the great need of companies to behave in compliance with data protection,” said BayLDA President Thomas Kranig .
“With regard to global Internet companies, supervisors must be able to enforce data protection in accordance with the GDPR and, where necessary, initiate and implement fast and effective procedures,” Johannes Caspar said. It will show whether the European Data Protection Board and the national authorities represented therein are able to ensure the uniform and effective protection of the rights and freedoms of stakeholders in this field.
For the Bavarian State Commissioner for Data Protection, Thomas Petri, it was important that companies such as clinics or transport companies, adapted as soon as possible their privacy management. He considers “Sometimes fines can inhibit rather than promote fines,” while at the same time he warned: “I should not rely unconditionally on my restraint.” He had already warned a number of clinics for significant violations that they would result in fines.
It was about “significant technical and organizational deficiencies.” In Brandenburg, it was said in the “conversion phase” consultations would be more effective than the “immediate application of the tightened fine rules”. However, fines would “make use of them in the future,” emphasized data protection officer Dagmar Hartge.
The Data Protection Authority of Lower Saxony is currently conducting a “cross-sectional inspection” of 50 companies in Lower Saxony for the GDPR implementation.
We can only agree with the Berlin data protection officer Maja Smoltczyk, “The General Data Protection Regulation represents a first important step in helping to safeguard our freedoms” .
This publication is licensed under a Creative Commons Attribution 4.0 International
More information on the licence can be found here.