• |

Feb. 6, 2019

Analyzing Early GDPR Enforcement: Portugal and Germany

  • Rebecca Hughes Parker
    Anti-Corruption Report
The first major case under the GDPR has arrived in the form of a French enforcement action against Google, with a €50-million penalty for improperly disclosing to users how data is collected. It was not, however, the first Member State action since the law’s implementation in May 2018 – there have been actions in the U.K., Austria, Portugal and Germany that provide clues about how regulators will be enforcing the new law against small and mid-size companies and assessing fines, and how companies should approach privacy and security, including when they conduct cross-border investigations and perform due diligence. In this article series, we discuss recent cases with local experts, including the theft of accounts from a social media site in Germany, leading to the Data Protection Authority’s (DPA) discovery of passwords stored in plain text, as well as a hospital in Portugal that had a deficient access policy that was uncovered by a newspaper, prompting an investigation by the DPA. See “GDPR Readiness: Legal and Technological Implications for Third-Party Monitoring in the E.U. and Beyond” (Mar. 7, 2018).

To read the full article

Continue reading your article with an ACR subscription.

Most-Read Articles

Spotlight on Trailblazing Women

To mark International Women’s Day 2024, women editors and reporters of ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Jill Abitbol, Managing Editor of the Cybersecurity Law Report and Anti-Corruption Report, features notable women in data privacy, cybersecurity, white collar defense, compliance and anti-corruption law, including Christina Montgomery, Leslie Shanklin, Palmina Fava, Alexandra Ross and Lucinda Low. Enjoy reading their inspiring remarks here.