Pilar Rodríguez Lopez, Astrid Hardy, Diego Zapatero Méndez, and Diana Lopez of DAC Beachcroft write:
It has been over three years since the introduction of the General Data Protection Regulation (“GDPR”) on 25 May 2018. Since coming into force, it has been reported that over EUR 292m of fines have been issued for wide-ranging infringements of the GDPR. The GDPR provides a range of investigation and enforcement powers to Data Protection Authorities (“DPAs”) and although slow to impose large fines at first, the DPAs are now increasing both the frequency and severity of their fines and penalties to ensure compliance. In particular, the Spanish DPA (“AEPD”) is setting a new standard this year by moving away from cautious enforcement to setting record level fines.
Read more on Lexology.