DLA Piper writes:
On 16 October 2019 – after weeks of rumors and speculations – the German data protection authorities (‘DPAs’) published their guidelines (‘Guidelines’) for calculating administrative fines under Article 83 General Data Protection Regulation (‘GDPR’).
The Guidelines are intended to guide enforcement action by German DPAs against business ‘undertakings’. They do not apply to individuals or associations who are not acting in a business capacity. Importantly the methodology set out in the Guidelines for calculating fines is not intended to be exhaustive and will be subject to further specification by the European Data Protection Board (‘EDPB’). Further, the Guidelines are not expected to be binding in cases of cross-border processing or for any non-German DPA.
Read more on Privacy Matters.