Search

Publikacje

INFRINGEMENT OF GDPR AND RELATED FINANCIAL RAMIFICATIONS

With the effectiveness of the Regulation, the
Inspector General for Protection of Personal Data
(“GIODO”) is given the power to impose
administrative fines in an amount commensurate
with the severity of a specific infringement. The
fines imposed in each individual case must be
effective,
proportionate
and
dissuasive. Administrative
fines
are
imposed
depending on the circumstances of each individual
case. When deciding on the amount of the
administrative fine, due regard is given, among
others, to the following:

1. the nature, gravity and duration of the
infringement;
2. the intentional or negligent character of
the infringement;
3. any action taken by the controller or
processor;
4. the degree of responsibility of the
controller or processor;
5. previous infringements; and
6. the categories of personal data affected by
the infringement.

If a controller or processor infringes several
provisions of the Regulation, for the same or linked
processing operations, the total amount of the
administrative fine cannot exceed the amount
specified for the gravest infringement.

The amount of the administrative fine depends on
what infringement has been committed. The
Regulation differentiates between two categories of
infringements.
The
first
one
comprises
infringements of the fundamental rules of data
processing. These infringements are subject to an
administrative fine of up to EUR 20,000,000, or in
the case of an undertaking, of up to 4% of its total
worldwide annual turnover of the preceding
financial year, whichever is higher. The other
category includes infringements of the obligations
of the controller and the processor comprised in
the exhaustive list of Article 83.4 of the Regulation.
These
infringements
are
subject
to
an
administrative fine of up to EUR 10,000,000, or in
the case of an undertaking, of up to 2% of its total
worldwide annual turnover of the preceding
financial year, whichever is higher. The fine amounts have been reduced to PLN 100,000 for the
public entities referred to under Article 9(1)-(12)
and (14) of the Public Finance Act of 27 August
2009.

The PLN equivalent of the above amounts expressed
in EUR is calculated at the average EUR exchange
rate published by the National Bank of Poland in
the table of average exchange rates as at 28
January of each year.

It is also worth noting that any person who has
suffered material or non-material damage as a
result of an infringement of the Regulation has the
right to receive compensation from the controller
or processor for the damage suffered. The right to
receive the compensation referred to above is
exercised under court proceedings.

Given the high rates of fines that can be imposed,
it is by no means too early for processors to take an
interest in putting in place new arrangements to
ensure compliance with the Regulation.

MILLER, CANFIELD,
W. BABICKI, A. CHEŁCHOWSKI I WSPÓLNICY SP.K.
ul. Batorego 28-32
81-366 Gdynia
Tel. +48 58 782-0050
Fax +48 58 782-0060
gdynia@pl.millercanfield.com
ul. Nowogrodzka 11
00-513 Warszawa
Tel. +48 22 447-4300
Fax +48 22 447-4301
warszawa@pl.millercanfield.com
ul. Skarbowców 23a
53-125 Wrocław
Tel. +48 71 780-3100
Fax +48 71 780-3101
wroclaw@pl.millercanfield.com

Disclaimer: This publication has been prepared for clients and professional associates of Miller Canfield. It is intended to provide only a summary of
certain recent legal developments of selected areas of law. For this reason the information contained in this publication should not form the basis of any
decision as to a particular course of action; nor should it be relied on as legal advice or regarded as a substitute for detailed advice in individual cases.
The services of a competent professional adviser should be obtained in each instance so that the applicability of the relevant legislation or other legal
development to the particular facts can be verified.