Analyzing Early GDPR Enforcement: Portugal and Germany

The first major case under the GDPR has arrived in the form of a French enforcement action against Google, with a €50-million penalty for improperly disclosing to users how data is collected. It was not, however, the first Member State action since the law’s implementation in May 2018 – there have been actions in the U.K., Austria, Portugal and Germany that provide clues about how regulators will be enforcing the new law against small and mid-size companies, and how companies should strengthen their privacy and security programs to meet expectations. In this installment of our article series, we discuss with local experts recent cases involving a hospital in Portugal and a social media site in Germany. Subsequent articles will address the AIQ case in the U.K., a series of cases in Austria and the French action against tech giant Google. See our two-part interview with the Irish Data Commissioner: “Supervising Facebook” (Apr. 25, 2018); and “GDPR Enforcement Priorities” (May 2, 2018).

To read the full article

Continue reading your article with a CSLR subscription.