Art. 83 GDPR provides for fines of up to 20 million euros or up to four percent of the previous year’s turnover, whichever is higher. The German supervisory authorities(fine against takeaway.com in theamount of € 195,407) are still holding back in contrast to their European colleagues.
In Poland , almost at the same time, the online store Morele.net received a fine of almost € 644,000. But in keeping with the time of year, it is also becoming more uncomfortable for companies in Germany without adequate data protection management. The federal and state data protection authorities have only recently agreed on a joint concept regarding the calculation of fines for violations of the GDPR. This is strongly oriented to the turnover of the data controller, so that the fines could be higher in the future.
It can therefore no longer be ruled out that penalties in the millions will also be imposed in Germany. All companies for which data protection is still a foreign word should now dress warmly.