At the end of 2019, German data protection authorities indicated that they would intensify the use of the framework of sanctions of the GDPR in 2020. Initially, authorities focused primarily on monitoring, advising and supporting companies in the implementation of GDPR.

Enforcement of fines

In the past, we have reported on several record breaking fines. For example, at the end of November 2019 the data protection authorities imposed fines on German real estate company Deutsche Wohnen for violation of the DSGVO (the German version of GDPR). Not only is the financial damage enormous, but the company’s image has sustained considerable damage.

As of this year, penalties for breaking GDPR rules will be applied more consistently and more severely. Companies that have so far failed to implement GDPR must take action now to prevent sanctions.

Lessons can be learned from the experiences of companies that have already paid heavy fines. For example, the technical challenges in implementing the GDPR, such as the capacity to comply with the deletion of data, have proven to be one of the biggest problems. But that is not all; major policies such as risk management strategies have had to be adapted, following GDPR breaches.

Because the fine is calculated based on annual turnover, it is important that every company, regardless of its size, takes appropriate precautions. In this way, companies can avoid ending up being the center of attention of both the press and data protection authorities. Nearly two years after the introduction of the GDPR, citizens, and thus the customers of companies, are increasingly aware of their data protection rights. In the future, companies will therefore be confronted much more frequently with the task of providing information on Personal Identifiable Information (PII) that are in their possession or verifiably deleting such data.

How can companies protect personal data?

As authorities will increasingly focus on data protection in 2020, this potentially increases the actual issuing of fines for violations. Companies are therefore recommended to further prioritize GDPR compliance.

The use of the latest technologies is essential in this regard. Panda Security provides this with Panda Adaptive Defense 360, its advanced cybersecurity solution, which includes Panda Data Control, a module specifically designed to help comply with the GDPR.

This solution provides security, visibility and control of users’ personal data in real time. One of the most important features is the powerful and configurable search engine. It is able to find files with data for specific users under any search parameter. Panda Data Control can also detect, check and monitor unstructured personal data (data not contained in a database or any other structured format).

This allows companies to comply with their duty to document data: Full control over the personal data stored; where it is stored and how it is moved.