Supervisory authorities enforce requirements of the GDPR in 2019.

In 2019, the supervisory authorities of the federal states want to increase their monitoring of data security in companies. Failure to comply with data protection obligations can be expensive. Those who have not yet implemented the requirements of the GDPR should take action to avoid a fine from the supervisory authority.

The Bavarian State Office for Data Protection Supervision is currently conducting data protection audits on an ad hoc and ad hoc basis. Since November 2018, small and medium-sized companies have been audited with regard to the implementation of the obligations of the GDPR; for larger companies, the data protection organisation and, if SAP systems are used, the timely deletion of personal data are to be audited.

In November 2018, the supervisory authority of Baden-Württemberg imposed a first fine of €20,000 on a company that had unauthorisedly disclosed personal data of approximately 330,000 users through a hacker attack, including passwords and email addresses. The company had stored the passwords unencrypted in its database and thus violated its obligation to ensure data security in the processing of personal data pursuant to Art. 32 para. 1 lit a DS-GVO. Most recently, the State Data Protection Commissioner of Baden-Württemberg announced in a press conference on 04 February 2019 that it will conduct more announced and unannounced inspections at companies this year. Audits can be carried out by written procedure or on site.

If you have ignored the issue of data protection until now or hope to avoid unpopular warning letters simply by having a data protection declaration on your website, you urgently need to take action: Create the required documentation now, ensure contractual regulations for commissioned processing and appoint a data protection officer where necessary. Violations of the regulation can be punished by the supervisory authorities with fines of up to 20,000,000 euros or up to 4% of the total annual turnover achieved worldwide.