Data protection authorities in Europe have not been idle in recent months. In Germany, more than 40 fines had been issued by early January 2019, according to a report, and a larger number of fine proceedings are pending. Nonetheless, the focus has tended to be on advising companies, at least outside of industries considered riskier. However, there are signs that this attitude is about to change:
- The president of the French regulatory authority CNIL, Marie-Laure Denis, has said in an interview, it now considers a stricter stance to be appropriate:
La Cnil a volontairement fait preuve de patience et de tolérance car le RGPD est un changement profond. Mais, même s’il est entré en application depuis seulement un an, le règlement a été adopté en 2016, il y a trois ans. I believe that it is now necessary to ensure greater transparency.. Notre action de régulation ne sera efficace que si nous actionnons à parts égales les deux leviers à notre disposition, c’est-à-dire la pédagogie d’un côté, et le contrôle avec éventuellement des sanctions de l’autre.
- The State Commissioner for Data Protection of Baden-Württemberg, Stefan Brink, has been quoted by the Stuttgarter Zeitung as follows:
State data protection officer Stefan Brink is currently in an awkward position. He would like to advise smaller companies and associations in particular about the General Data Protection Regulation (GDPR), which has been in force since May 25 of last year. But the task of the 60-strong authority is also to monitor and sanction possible violations. Brink is therefore currently changing course: less advice, more supervision. Last year, there were only 13 inspections. This year, the number is set to rise to 250.