GDPR fines – cases, criteria, and calculation

ECJ on misuse of requests for information

Data protection in Europe

When is a request for information excessive? ECJ names specific test points

According to the ECJ, an initial request for information can also be „excessive“ within the meaning of Art. 12 (5) GDPR if the controller proves that the request is not

March 19, 2026

Reporting process in the event of a data breach

Article by Marcus Belke

Report a data breach correctly: Reporting process according to GDPR with deadlines, evaluation and documentation

Data breaches are now one of the most common compliance incidents in organizations. Incidents have to be assessed, reporting obligations checked, measures documented and communication decisions made within a short space of time. We provide

March 17, 2026

Article by Marcus Belke

Audit preparation in data protection

Good audit preparation requires clear responsibilities, structured evidence and transparent processes. Find out how auditors think, what weaknesses frequently occur in data protection audits and how you can

March 5, 2026

In the event of a data leak at the processor, the controller is liable.

Article by Aristotelis Zervos

Failure to monitor processors: BGH extends liability of the controller

A recent ruling by the Federal Court of Justice (BGH) provides clarity regarding non-material damages pursuant to Art. 82 GDPR in the event of a data leak at a former processor.

January 14, 2026

Compliance with transparency and information requirements will be the focus of GDPR audits in 2026.

Article by Aristotelis Zervos

GDPR audit priorities for 2026: Transparency and information obligations in the focus of the authorities

The European Data Protection Board's coordinated enforcement action 2026 focuses on the transparency and information obligations under Articles 12, 13, and 14 of the GDPR. What this means in concrete terms for

January 5, 2026

The new GDPR procedural regulation has been sent to the European Parliament for examination.

Data protection in Europe

A new approach to cross-border data protection: an overview of the planned GDPR procedural regulation

On June 27, 2025, the Council of the European Union adopted a draft regulation laying down additional procedural rules for the enforcement of the GDPR in cross-border cases.

July 3, 2025

The DSK has published a new model guideline for uniform standards for data protection fine proceedings (MRiDaVG).

Data protection in Germany

Uniform standards for data protection fine proceedings: the new DSK model guidelines (MRiDaVG)

On June 16, 2025, the Conference of Independent Federal and State Data Protection Supervisory Authorities (DSK) adopted the Model Guidelines for the Procedure on Fines (MRiDaVG).

June 26, 2025

Volkswagen was able to refute the accusation of violations of the GDPR in court.

Compliance

Volkswagen successfully defends itself against high GDPR fine and warnings

The automotive group has appealed against both a fine of 4.3 million euros and several warnings from the State Commissioner for Data Protection of Lower Saxony (LfD).

June 16, 2025

Data protection

The five highest fines in August 2024

The 290-million fine imposed on the ride-hailing company Uber is not the only thing that stands out in August. Why the negligent mistake of a single employee can be expensive for a company,

September 3, 2024

Data protection in Europe

The five highest fines in July 2024

The top 5 GDPR fines list for the month of July shows that serious breaches of the GDPR are being prosecuted and penalized across Europe. This is what the well-known second-hand portal Vinted

August 6, 2024

Article & News

Tag: DSGVO-Bußgelder