Comment by dangrossman
7 months ago
You can filter this list to see 200+ GDPR fines assigned to sole proprietors, the smallest of small businesses, individuals that haven't even registered a separate entity for their business:
https://www.enforcementtracker.com/
They're only cataloging the (2500+) publicly known ones, most of which have a link to a news article. As an example: some guy in Croatia emailed a couple websites he thought might be interested in his marketing services, and provided a working opt-out link in his cold emails. One of them reported the email to the Italian Data Protection Authority, who then put him through an international investigation and fined him 5000 euro.
"Assuming here that the reasons expressed in the aforementioned document have been fully recalled, [individual] was charged with violating articles 5, par. 1, letter a), 6, par. 1, letter a) of the Regulation and art. 130 of the Code, since the sending of promotional communications via e-mail was found to have been carried out without the consent of the interested parties. Therefore, it is believed that - based on the set of elements indicated above - the administrative sanction of payment of a sum of €5,000.00 (five thousand) equal to 0.025% of the maximum statutory sanction of €20 million should be applied."
It's worth noting that each country has a different approach to GDPR enforcement (which arguably defeats the point of it but that's another discussion).
The UK tends to be a lot more (IMO) reasonable in its approach than some other European countries. Italy tends to be one of the strictest, and likes to hand out fines, even to private individuals for things like having a doorbell camera. The UK has only fined one person on that basis, and it was more of a harassment case rather than just simply that they had a camera.
ICO and Ofcom aren't generally in the business of dishing out fines unless it's quite obviously warranted.
To clarify, I'm not interested in this, because it doesn't answer the question at all. I don't want a Googled answer, I want personal experience.
For instance, I know of a company that flouted GDPR and got multiple letters off the ICO trying to help them with compliance before finally, months later, they ended up in court and got a very small fine.
Edit: It is not cool to edit your post after I replied to make it look more reasonable.