Tekmic
Newcomer II

Administrative fines - two bullets

There are two sentences that I would like to highlight regarding the WP29 guidelines on the application and setting of administrative fines for the GDPR:

 

  • "The question that the supervisory authority must then answer is to what extent the controller “did what it could be expected to do” given the nature, the purposes or the size of the processing, seen in light of the obligations imposed on them by the Regulation";
  • "As such, controllers and processors cannot legitimise breaches of data protection law by claiming a shortage of resources".

There is work to do…

Compliance and InfoSec Consultant
1 Reply
flyingboy
Newcomer III

Rightfully said. Less of legal compliance and more of operationalizing compliance; a shift towards demonstrating compliance and accountability.