Data Protection Authority Issues First German Fine Under GDPR

Jones Day is a global law firm with more than 2,500 lawyers across five continents. The Firm is distinguished by a singular tradition of client service; the mutual commitment to, and the seamless collaboration of, a true partnership; formidable legal talent across multiple disciplines and jurisdictions; and shared professional values that focus on client needs.

Explore Firm Details

On November 21, the Data Protection Authority of Baden-Württemberg issued the first fine under the GDPR in Germany against a social media provider for violating data security requirements

Germany Privacy

Laurent De Muyter,Undine Von Diemar,Jörg Hladjk

+11 Authors

Your Author LinkedIn Connections

Article Insights

Jones Day are most popular:

within Accounting and Audit topic(s)

On November 21, the Data Protection Authority of Baden-Württemberg issued the first fine under the GDPR in Germany against a social media provider for violating data security requirements (source document in German). The company had notified the authority of a data breach after becoming aware that the personal data of 330,000 users, including email addresses and passwords, had been stolen during a hack. The authority determined that the company violated data security obligations under Article 32 of the GDPR, for example by storing the passwords in clear text. The authority imposed a modest fine of €20,000 and took into account mitigating factors such as the company's willingness to cooperate with the authority.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]

Authors