Being a great tool for privacy pros to keep up to date with extensive case law, it also increases the overall awareness of how data protection laws are applied in cooperation between the lead DPA and the other DPAs concerned (the GDPR Article 60).
As I expect more comments on this occasion in the days/weeks to come, for now just two interesting points:
– most cases published so far are related to data subject rights and lawfulness of the processing;
– so far, lead DPAs issued more compliance orders and reprimands than fines.
To read more – see below.
https://edpb.europa.eu/news/news/2020/edpb-publishes-new-register-containing-one-stop-shop-decisions_en
Thanks for posting this, Konstantin. And, in line with what Karen is saying, it would seem that being proactive is resulting in lesser penalties (as opposed to money) than would otherwise be the case. Being proactive has many benefits in the real world, regardless of the country.
I am wondering that the reason why there are in main compliance orders and reprimands is because those organisations taking advantage of the ‘one-stop-shop’ are more proactive than reactive? For starters they have managed to get their business to decide on which DPA will be their lead supervisory authority, and from what I’ve seen so far, this is not as straightforward as one maybe lead to believe. It’s probably a really good sign if an organisation has taken this route, it means that the board is supportive in moving the organisation forward on a coherent GDPR path. So if they’ve got this right, then it’s likely they’ve got other stuff right too!