The European Data Protection Board (‘EDPB’), composed of representatives of the EU national data protection authorities has drafted new guidelines with respect to the calculation of fines in case of non-compliance of the General Data Protection Regulation (‘GDPR’). These Guidelines complement the previously adopted Guidelines on the application and setting of administrative fines dating from 2016, which focus on the circumstances in which to impose a fine. This post outlines the main elements of the proposed guidelines and sets out the differences with the current national guidelines.
The General Data Protection Regulation celebrated its third anniversary in 2021. Privacy is a subject that is now on the agenda of most organisations. Moreover, the developments in this area of law are moving fast. The European and national legislators are not sitting still, and the same can be said of the supervisory authorities. Also,
The Dutch Data Protection Authority (‘DPA’) imposed an administrative fine of € 525,000 on the Dutch Tennis Union for selling the personal data of its members to two sponsors. These sponsors approached part of these members with (tennis related) offers. Below we will discuss several interesting points from the DPA’s decision. (Co-)controllership The Tennis Union