Proceedings of the 8th International Conference on Modern Research in Social Sciences, 2024
Year: 2024
DOI:
[PDF]
European Case Law on The GDPR Violation by Natural Persons
Cornelia Beatrice Gabriela Ene-Dinu
ABSTRACT:
According to the General Data Protection Regulation (GDPR), natural persons who process personal data can be sanctioned with substantial fines in case of violation of its provisions. These fines can reach significant amounts, even in the order of millions of euros in certain serious cases of violation of the GDPR. However, it is important to note that GDPR sanctions can be applied to natural persons only if data processing is carried out outside an exclusively personal or domestic activity. In other words, if the data processing is carried out during a purely personal or domestic activity, with no connection to commercial or professional activities, then GDPR sanctions do not apply to natural persons in those circumstances. Although in theory the GDPR allows the imposition of fines of up to 10 million euros or, in certain serious cases, up to 20 million euros for violations of the regulation, in practice the actual amounts of fines imposed on individuals are likely to be much higher smaller. There are a few factors that are considered in individualizing sanctions, including the seriousness of the breach, the degree of culpability, the nature, duration and extent of the breach, the impact on data subjects, etc. It is also important to note that data protection supervisory authorities have the discretion to impose proportionate and fair fines depending on the specific circumstances of each case. Consequently, exorbitant fines are unlikely to be imposed on individuals, and the penalties applied will rather be adjusted to the individual circumstances of each case.
keywords: natural persons; data processing; violation; consent; case law