Although the EU General Data Protection Regulation (the “GDPR”) entered into force on 25 May 2018, and the obligations under the GDPR have since taken effect, there remain significant uncertainties as regards enforcement. In particular, the application of the GDPR’s fining provisions – arguably the key concern for companies commercially – raises several issues, Continue Reading GDPR Fines – Lessons from Competition Law

On 21 November 2018, the data protection authority of Baden-Württemberg, Germany (the “authority”) imposed a fine of EUR 20,000 against a German social media provider (the “company”) for failing to encrypt user passwords. The authority’s decision marks the first time that a fine was imposed on a company for violating the European General Data Protection Regulation Continue Reading Data Protection Authority Imposes First GDPR Non-Compliance Fine in Germany