In May 2018, the General Data Protection Regulation (GDPR) became German law. The GDPR requires companies to handle their customers’ data with care and demands that they report any data breaches within a maximum of 72 hours. Violations can result in fines of up to 20 million euros or 4 percent of annual global sales.
In the first few months, fines were comparatively low; companies affected by data leaks received helpful advice from the data protection authorities rather than draconian punishments. However, in October 2019 the German Data Protection Conference published a standardized calculation key for fines, depending on various economic factors and the severity of the offence.
Read More