In addition to the list of processing activities, companies must also be able to present their technical security precautions. The specific security measures that must be applied depend on the scope of data processing and the risk to the rights and freedoms of the data subjects. Those responsible must therefore carry out a risk assessment of their data processing in advance. In any case, failure to document the security precautions will be subject to fines in the future. The new sanction rights of the GDPR show that this can be very expensive.
The new GDPR sanctions: It can be very expensive!
Currently, under the BDSG, fines of up to 300,000 euros are possible per individual case. The new European legislation on data protection has made the existing sanctions much more stringent. These are increasing to reduce the impact. However, due to the new fine framework, it can be assumed that fines will increase in the future. In addition to reputational losses, companies must constantly keep an eye on the new, more stringent sanctions framework when violating data protection law.
Basis for calculating sanctions
Of course, not every company will be given the maximum fine in the future. The assessment is based on specific assessment criteria that are also set out in the GDPR. These include, for example, the type, severity and duration of the violation as well as categories of personal data affected by the violation. The extent of cooperation with the supervisory authority to remedy the violation and mitigate its possible adverse effects also has an impact. However, due to the new fine framework, it can be assumed that fines will increase in the future. In addition to reputational losses, companies must constantly keep an eye on the new, stricter sanctions framework when violating data protection law.
Data Transfer & Tracking in the Digital Industry
Data processing by service providers or "in the cloud"
The processing of personal data in a company is often carried out in whole or in part by third parties, so-called contract data processors. The requirements for this cooperation will change in some respects under the GDPR, but in principle the contractually agreed outsourcing of data processing will remain the same. Even under the new regulations, the commissioned service provider is strictly bound to follow instructions and is therefore not permitted to process the transmitted data for its own purposes. For this reason, the commissioning company must carefully select and monitor the contract processor.
Before data processing begins, all rights and obligations must be agreed in a contract. Only then may the data processing begin. The company that transfers the data is primarily responsible for complying with the legal regulations on data processing. If the requirements for data processing are not met, fines of up to 10 million euros may be imposed in the future.
In addition, the processing service providers will also be held more accountable in the future. Until now, responsibility lay solely with the transmitting company, but according to the EU General Data Protection Regulation, the processor will now also be jointly responsible.