The general advice leading up/immediately after was that the fines would start relatively small, and then progressively grow to 10% of global revenue if they kept violating the law
My understanding is that the first fine is a shot across the bow. Now that they've been found in violation, any future violation will hold a harsher penalty.
also: the collaboration of the party is accounted for when applying the fine.
The regulation attempts to get parties to behave well, not just to punish them.
The fundamental role of the regulator is to ensure compliance with the regulations. Regulators must consider a number of factors before deciding whether to issue a fine and the size of that fine. The regulations provide for a very high maximum fine, but that would only be appropriate where the regulations have been intentionally, grievously and repeatedly breached. In the case of an unintentional breach with relatively minor consequences that is swiftly addressed by the controller, a small fine (or no fine at all) would be entirely appropriate.
I'm in the UK, and yes you can just send an email to ICO here. I contacted them about an issue with Amazon using their order update system for marketing purposes despite having opted out of marketing communicatoins, they weren't very helpful.
I have an outstanding complaint about illegal collection of biometric information and they have proved less than helpful also. The ICO doesn't really function, it never did enforce the data protection act before and so far there appears to be little change with GDPR.
Justice is not just about the law as written but also whether it can be enforced, the GDPR is not enforced in any meaningful way in the UK and companies know that.
Having a lot of experience with Romanian authorities, that's a resounding no. You can be sure a reasonably powerful political player pulled the strings on this.
Romanian here - can confirm your statement is accurate. The person in charge of Romania's GDPR enforcement agency is politically nominated by Romania's leading party - the party which made corruption semi legal. She is under investigation by Romania's Anti Corruption Directorate for illegal land restitution, and is reported to have made anti EU and anti US statements. She also threatened an enormous fine, using the GDPR regulation, for those who exposed the illegal activity of Romania's former defacto leader, imprisoned 4 months ago.
So yeah, this case raises eyebrows, given most foreign banks in Romania are proteges of corrupt politicians and the GDPR agency is lead by members of an infamously corrupt party. Perhaps this bank did something right, to actually get the fine.
Notice that in a free market economy people who want to retain privacy wouldn't provide their address to the bank in the first place. And banking services would be safer and cheaper.
But thanks to the overreaching governments, banks must collect that info.
And because government bureaucracy can only grow bigger, instead of eliminating Stalinist data gathering (privacy by design doesn't apply in this case!), the morons impose additional laws, workloads and costs on top of an already heavily regulated sector.
Finally, when TSHTF it is the guilty party and root cause of these problems that fines those who can't (or justifiably won't) cope with their nonsense.
24 comments
[ 3.2 ms ] story [ 59.0 ms ] thread[0] https://en.wikipedia.org/wiki/UniCredit_Bank_Romania
e.g. Why I have to pay 10kk when Unicredit Bank pay only 130k?
Grandparent comment implies otherwise.
https://www.cnil.fr/en/cnils-restricted-committee-imposes-fi...
* google was found in violation of 7 different articles
* it was considered to not have done anything to stop the problem and had reiterated the offense
* the issue affected a significantly larger amount of users (e.g. all android users in france)
https://gdpr-info.eu/art-83-gdpr/
1) The first fine by the Romanian supervisory authority; and
2) The first fine for breach of Article 25.
That's why I chose first Art. 25 fine as the original submission title.
Can anybody just shoot them an e-mail to start an investigation?
Justice is not just about the law as written but also whether it can be enforced, the GDPR is not enforced in any meaningful way in the UK and companies know that.
So yeah, this case raises eyebrows, given most foreign banks in Romania are proteges of corrupt politicians and the GDPR agency is lead by members of an infamously corrupt party. Perhaps this bank did something right, to actually get the fine.
But thanks to the overreaching governments, banks must collect that info.
And because government bureaucracy can only grow bigger, instead of eliminating Stalinist data gathering (privacy by design doesn't apply in this case!), the morons impose additional laws, workloads and costs on top of an already heavily regulated sector.
Finally, when TSHTF it is the guilty party and root cause of these problems that fines those who can't (or justifiably won't) cope with their nonsense.