TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Daily Dashboard | CJEU clarifies DPAs' legal grounds for issuing fines under GDPR Related reading: Notes from the IAPP Europe, 23 Feb. 2024



The Court of Justice of the European Union reaffirmed the conditions data protection authorities can issue fines to data controllers under the EU General Data Protection Regulation. The CJEU ruled a data controller should not receive a fine unless the violation of the GDPR was committed "intentionally or negligently." The decision stemmed from cases originating from Lithuania and Germany, which dealt with the Lithuania National Public Health Centre processing citizens' data for its COVID-19 monitoring app and a German real estate company retaining customer data longer than necessary.
Full story

1 Comment

If you want to comment on this post, you need to login.

  • comment SAYYAPARAJU PANDURANGA RAJU • Dec 6, 2023
    The clarification issued by CJEU in the matter of imposition of penalties by national supervisors goes a long way in protecting the interests of the organizations that end up in unintentional infringements.
    Vast number of organizations are yet to be fully equipped in terms of understanding/knowledge of GDPR, having a dedicated DPO (in house or through contract arrangement), putting in place necessary IT/Software infrastructure/systems.  There are challenges faced in interpretation of regulations/laws that lead to non-compliance.  GDPR compliance has cost implications that smaller organizations (though above threshold turnover limits) find hard to bear.  All these factors do contribute in non-compliance though unintended but are subject to financial and reputation risks due to penalties.
    It is in this backdrop, the CJEU's clarification on application of GDPR non-compliance only on account of action by organizations due to their negligent or intentional acts is a welcome step and augurs well.