This week, FEDMA submitted its response to the European Data Protection Board (EDPB) consultation on the draft Guidelines 04/2022 on the calculation of administrative fines under the GDPR.
Aimed at further harmonizing the fine calculation procedure across national Data Protection Authorities (DPAs), the Draft is also to be welcomed as a useful instrument for companies to better assess the risk of potential fines in the future. In the event of a company’s own GDPR infringements, the Guidelines and their five-stage calculation methodology offer greater predictability of the resulting fine amount.
However, whether the effects of harmonization and greater transparency will also be reflected in the actually imposed fines cannot be predicted with certainty, given the dependence on the circumstances of the individual case and the possibility for DPAs to deviate from the proposed methodology.
In this context, FEDMA recommends the following to the EDPB:
- Tackling fragmented GDPR interpretations as the underlying condition for harmonized enforcement
- Striking the right balance between national discretion and EU-level harmonized enforcement
- Ensuring that DPAs appropriately apply all corrective measures under the GDPR
- Adding further examples to facilitate legal certainty and consistency
- Balancing the assessment of the seriousness of the infringement
- Clarifying the intentional or negligent character of the infringement in specific circumstances
- Considering the application of privacy-preserving techniques on the data affected
- Further endorsing adherence and compliance to approved codes of conduct as mitigating factors
- Including the organisations’ balance exercise between different fundamental rights as a mitigating factor
Find here the full text of FEDMA’s response