zlacker

1. kingof+(OP)[view] [source] 2018-05-18 09:08:04
Well, lots of ends open to interpretation, and $20 mln fine - so obviously nothing to care about! Hysteria!
replies(3): >>DanBC+N >>Arnt+F4 >>kingof+P4
2. DanBC+N[view] [source] 2018-05-18 09:16:48
>>kingof+(OP)
Maximum possible fine for repeated worst possible violation after ignoring previous attempts at regulation and not making changes after previous smaller fines.

It's not a minimum.

replies(3): >>frereu+L1 >>kingof+p3 >>omgint+Z7
◧◩
3. frereu+L1[view] [source] [discussion] 2018-05-18 09:27:54
>>DanBC+N
I think this is a common misinterpretation though because of the language - that the maximum fine is actually the minimum, because the figures that are talked about are "€20m or 4% of global turnover, whichever is the greatest." It's the emphasis on "the greatest" that has an undercurrent of "we're going to fine you the maximum of these two numbers."
replies(1): >>Stavro+B5
◧◩
4. kingof+p3[view] [source] [discussion] 2018-05-18 09:45:43
>>DanBC+N
It takes time, and real money to be compliant, and getting slow on this quite plausibly can make one a repeat offender. You can, of course, say "don't be slow then", however, when for an out-of-EU entity (be it biz, or NGO) simple math doesn't show it is worth the effort, then it makes perfect sense to stop offering services to EU. Which is a side effect of the legislation. OP apparently understands it puts GDPR in a bad light, so he says about "overreaction" in every topic related, and this post likely comes as the response to the latest one.
replies(3): >>DanBC+m6 >>matwoo+Eg >>M2Ys4U+Xh
5. Arnt+F4[view] [source] 2018-05-18 10:00:14
>>kingof+(OP)
General law applies as well. There's lots of case law on the size of fines.

Which means in practice that if x other people have been fined around y for an offense similar to yours, your fine has to be in the vicinity of y. Ditto if x people have been fined more for larger offenses or less for smaller. This kind of assessment is routine. General. It's not something that needs to be written into each and every law.

6. kingof+P4[view] [source] 2018-05-18 10:02:23
>>kingof+(OP)
Also, minimal level of $10 mln doesn't look nicer unless you are a big corpo.
◧◩◪
7. Stavro+B5[view] [source] [discussion] 2018-05-18 10:11:02
>>frereu+L1
I'm not sure what you mean by "actually the minimum". They will fine you the maximum of those two numbers, at most, if you flagrantly disregard the law.
replies(1): >>frereu+b8
◧◩◪
8. DanBC+m6[view] [source] [discussion] 2018-05-18 10:22:01
>>kingof+p3
But merely being a repeat offender isn't enough to trigger the maximum fine.

You'd have to be a consistent repeat offender, with no effort made at remediation, with no cooperation with the regulator, and probably handling sensitive or financial data.

Here's a list of recent actions taken. I think the current maximum fine is £500,000. Have a look through a few of these; hopefully it's somewhat reassuring.

https://ico.org.uk/action-weve-taken/enforcement/

replies(1): >>kasey_+h8
◧◩
9. omgint+Z7[view] [source] [discussion] 2018-05-18 10:41:55
>>DanBC+N
>Maximum possible fine for repeated worst possible violation after ignoring previous attempts at regulation and not making changes after previous smaller fines.

Nothing in the GDPR states this. It's obviously the intent, but ultimately it's left up to the bon vouloir of EU regulators.

It is perfectly legal under the GDPR to make an example out of you by levying the maximum fine for a first offense, and without warning.

replies(2): >>jdietr+da >>shakna+Tb
◧◩◪◨
10. frereu+b8[view] [source] [discussion] 2018-05-18 10:43:49
>>Stavro+B5
Yeah, this is the confusion - it's difficult to write it out in a way that isn't ambiguous! I think the fact that there are two numbers, the higher of which is the maximum fine, may imply to some people that the lower figure is the minimum - i.e. if 4% of your global turnover is €100m then €20m is the minimum - but of course there in fact isn't a minimum. It might have helped comprehension if there had been an arbitrary minimum figure - say €100 - to anchor the discussions.
replies(2): >>Stavro+L8 >>irishs+Xa
◧◩◪◨
11. kasey_+h8[view] [source] [discussion] 2018-05-18 10:44:56
>>DanBC+m6
Note that this is the UK agency; you might see different behaviors if you scanned the Belgian regulator's enforcement list.
replies(1): >>DanBC+9g
◧◩◪◨⬒
12. Stavro+L8[view] [source] [discussion] 2018-05-18 10:51:46
>>frereu+b8
Ah, I see what you mean now. That's not how I understood it, but some people might.
◧◩◪
13. jdietr+da[view] [source] [discussion] 2018-05-18 11:17:20
>>omgint+Z7
>It is perfectly legal under the GDPR to make an example out of you by levying the maximum fine for a first offense, and without warning.

No it isn't. Read Article 83.

https://gdpr-info.eu/art-83-gdpr/

replies(1): >>downan+7e
◧◩◪◨⬒
14. irishs+Xa[view] [source] [discussion] 2018-05-18 11:25:19
>>frereu+b8
The problem with that is that it would introduce a minimum fine, where currently there doesn't need to be a fine at all (if you coöperate).
◧◩◪
15. shakna+Tb[view] [source] [discussion] 2018-05-18 11:36:50
>>omgint+Z7
Article 29 states this.[0]

[0] https://ec.europa.eu/newsroom/just/document.cfm?doc_id=47889

◧◩◪◨
16. downan+7e[view] [source] [discussion] 2018-05-18 12:03:35
>>jdietr+da
Neither Article 83 nor 29 imposes any actual limits. They say that those imposing fines should take some things into consideration. After which they can impose a multimillion-dollar fine.
replies(1): >>yls+Ch
◧◩◪◨⬒
17. DanBC+9g[view] [source] [discussion] 2018-05-18 12:27:49
>>kasey_+h8
Sure, but the people spreading FUD about this are not referencing anything at all.
◧◩◪
18. matwoo+Eg[view] [source] [discussion] 2018-05-18 12:32:07
>>kingof+p3
> It takes time, and real money to be compliant, and getting slow on this quite plausibly can make one a repeat offender.

When I read things like this I realize how many companies are not treating user data as they should. Protecting user data should already be built into the company software and process.

Given FB revelations and additional scrutiny to Google, I see some form of this law coming to the US.

replies(2): >>DanBC+Zg >>kingof+3m
◧◩◪◨
19. DanBC+Zg[view] [source] [discussion] 2018-05-18 12:34:28
>>matwoo+Eg
Yes. We've had PECR for years. If companies are surprised by GDPR they're probably already violating PECR.

But, despite this widespread non-compliance and fierce fines available to the regulators the sky hasn't fallen. Why do people think GDPR is suddenly going to make things so much worse?

replies(1): >>kingof+ko
◧◩◪◨⬒
20. yls+Ch[view] [source] [discussion] 2018-05-18 12:40:13
>>downan+7e
Kinda common in continental European law... Nothing new, nothing to be scared of.
◧◩◪
21. M2Ys4U+Xh[view] [source] [discussion] 2018-05-18 12:43:38
>>kingof+p3
The whole world has had TWO YEARS to be compliant. "It takes time" is not an excuse.
replies(1): >>kingof+T41
◧◩◪◨
22. kingof+3m[view] [source] [discussion] 2018-05-18 13:23:35
>>matwoo+Eg
As a user I suppose they should do whatever satisfies me, and I don't always need a bunch of populists from EU parliament, who can't write a clear text, to run to save me, making field even more favorable for big corpos at the expense of SMEs, and small non-profits in the course of action.

>Given FB revelations and additional scrutiny to Google, I see some form of this law coming to the US.

That would be good news for the EU, of course. Even before GDPR, entrepreneurs were routinely advised to incorporate in US instead, and the legislation likely added incentives for that.

◧◩◪◨⬒
23. kingof+ko[view] [source] [discussion] 2018-05-18 13:41:32
>>DanBC+Zg
The OP reacts to news of businesses stopping serving EU, and those businesses are from outside of the Union. So PECR is not so relevant.

>despite this widespread non-compliance and fierce fines available to the regulators the sky hasn't fallen

Don't you really see how absolutely wrong this is? When law is composed in a way which makes it in practice only selectively applicable, it leads to erosion of justice, and invites corruption.

◧◩◪◨
24. kingof+T41[view] [source] [discussion] 2018-05-18 18:55:13
>>M2Ys4U+Xh
I didn't see the text TWO YEARS ago. Did you?