With the EU General Data Protection Regulation (GDPR) having been applicable for almost two years now, data protection supervisory authorities (DPAs) are entering into full enforcement mode all over Europe, resulting in significantly higher fines compared to the pre-GDPR world. Several multimillion-euro fines have already been issued, such as a €50 million fine against Google in France (for processing personal data without legal grounds and infringement of transparency and information duties), and in Germany, a €14.5 million fine against a real estate company (for operation of a non-compliant archiving system) and a €9.5 million fine against a telecom service provider (for insufficient data access verification). Even rather minor non-compliance may lead to six-figure fines, such as sending out one hospital bill to the wrong patient (€105,000 – Germany).
It is still unclear what requirements many GDPR provisions impose. At the same time, the number of complaints to the authorities is increasing. Thus, even companies that have gone a long way to ensure compliance with data protection risk proceedings being initiated against them.
What should you do when approached by a DPA – cooperate or fight? In this webinar DLA Piper’s data protection and litigation experts will provide you with a realistic overview of the current GDPR enforcement environment and an analysis of how fines are calculated. We will focus on presenting smart strategies on how to deal with DPA proceedings and how to avoid high fines.
Verena Grentzenberg is a partner at the Hamburg office of international law firm DLA Piper specialising in data protection law and cybersecurity. Verena focuses on advising new business models (especially in the online sector, including social media) and regularly provides advice regarding big data projects and AI. She assists with global transfers of employee and customer data, CRM projects, cloud computing solutions and data breach handling, and has carried out numerous GDPR compliance programmes for her clients. In the last decade she has aligned with different supervisory authorities on new business models and also has extensive experience in representing clients in supervisory authority proceedings. Legal 500 Germany 2019 named her as a “next generation lawyer” in data protection, and according to the JUVE Handbook 2019/2020, she is frequently recommended for “technology and media: data protection”. The Handelsblatt in cooperation with Best Lawyers 2020 recommends her for data protection and privacy law.
Christoph Engelmann is a counsel at DLA Piper’s Hamburg office. He defends national and international companies in various regulated industries in administrative offence proceedings against corporate fines, including in data protection law, broadcasting law and telecommunications law. In addition, he advises international media, telecommunications, gambling and payment services companies on gambling and media law as well as in other regulated areas of law. He represents his clients before regulatory authorities (including data protection authorities, gambling authorities, state media authorities and the German Federal Network Agency) and before administrative courts.
Jan Spittka is a counsel at DLA Piper’s Cologne office and is specialised in data protection law and cybersecurity. Jan advises companies on complex data protection issues like the introduction of new systems and technologies, international data transfers, cloud computing projects, processing of health and other sensitive data or data breach handling and notification. He has extensive experience in representing clients in supervisory authority proceedings as well as in civil actions filed by competitors, consumer protection organisations or individual data subjects. Jan is the author of numerous publications on data protection and co-author of a handbook on the GDPR as well as the first German legal handbook on Industry 4.0 and the Internet of Things. During his legal traineeship, he worked for a German data protection authority.