In addition to the new information obligations for those affected, companies must also observe a number of documentation obligations. The so-called "register of processing activities" is intended to make it easier for supervisory authorities to retrospectively monitor compliance with all obligations under the EU General Data Protection Regulation.
However, this is not entirely new. According to the BDSG, companies are already required to maintain so-called process registers, which must be presented upon request from an authority and also to those affected. What is new, however, is that in future contract data processors will also be obliged to document the data processing carried out on their behalf accordingly.
Extensive documentation requirements
In addition to the list of processing activities, companies must also be able to present their technical security precautions. The specific security measures that must be applied depend on the scope of data processing and the risk to the rights and freedoms of the data subjects. Those responsible must therefore carry out a risk assessment of their data processing in advance. In any case, failure to document the security precautions will be subject to fines in the future. The new sanction rights of the GDPR show that this can be very expensive.
The new GDPR sanctions: It can be very expensive!
Currently, under the BDSG, fines of up to 300,000 euros are possible per individual case. The new European legislation on data protection has made the existing sanctions much more stringent. These are increasing to reduce the impact. However, due to the new fine framework, it can be assumed that fines will increase in the future. In addition to reputational losses, companies must constantly keep an eye on the new, more stringent sanctions framework when violating data protection law.
Basis for calculating sanctions
Of course, not every company will be given the maximum fine in the future. The assessment is based on specific assessment criteria that are also set out in the GDPR. These include, for example, the type, severity and duration of the violation as well as the categories of personal data affected by the violation. The extent of cooperation with the supervisory authority to remedy the violation and mitigate its possible adverse effects also has an impact. However, due to the new fine framework, it can be assumed that fines will increase in the future. In addition to reputational losses, companies must constantly keep an eye on the new, stricter sanctions framework when violating data protection law.