A newly published GDPR Enforcement Tracker Report has analysed fines of the European data protection authorities based on the General Data Protection Regulation (hereinafter “GDPR”), inter alia, on the type of violation, the country and the relevant business sector. The analysis revealed two predominant groups of GDPR violations which led to both the highest number and the largest amounts of fines: i) insufficient legal basis for data processing (Art. 5 and 6 GDPR) and ii) insufficient technical and organisational measures to ensure information security (Art. 32 GDPR).

In order to bolster data security, the authors of the analysis recommend introducing and maintaining state-of-the-art technical and organisational security measures. Primarily, this would include the implementation of industry standards such as ISO/IEC 27001. However, this would not be a “one-off exercise” as data security measures should be reviewed and adjusted regularly. In addition, businesses should hold training sessions on GDPR requirements for their employees. Finally, as part of organisational security measures, organisations would need to be prepared to immediately take the necessary actions in case of data breaches, especially in order to avoid high fines by data protection authorities.

Find a summary of the here GDPR Enforcement Tracker Report: https://www.deutscheranwaltspiegel.de/businesslaw/datenschutz/cyber-attacks-have-increased-21934/