The European Union approved the General Data Protection Regulation (GDPR) on 14th April 2016. It came into effect on 15th May 2018. The GDPR provides unified privacy laws across the European Union (EU). The EU has highlighted various national trends and differences in approach. One major difference that outweighs all the others is the variation in the number of fines for GDPR violations.
GDPR compliance demonstrates that an organization gives due diligence to information security, privacy, and the rights and freedoms of individuals. In May 2022, the European Data Protection Board (EDPB) published new guidelines on the calculation of administrative fines under the GDPR.
The methodology introduced by the EDPB contains a formula to reach a “starting amount” for a fine; that amount can then be altered based on mitigating and aggravating conditions.
The new methodology can lead to big changes. An analysis of more than 300 fines, primarily the top 250 fines on organizations with an identifiable turnover, stated that Italy has imposed the largest number of fines that are going to be on the “high” end of the scale under the new methodology introduced by the EDPB. However, across all the supervisory authorities, fines on organizations with a turnover of more than 250 million EUR are on the “low” end of the scale.
Key findings: If this methodology remains unchanged, it could lead to remarkably higher fines in the future.
Original Source Link: https://www.natlawreview.com/article/thought-those-300-gdpr-fines-were-high-think-again