by Dayshine 2952 days ago
Have you received genuine legal advice that recommended that you shut down business instead of continuing to work towards compliance?

The agencies that can enforce the GDPR want you to be compliant, not to fine you... If you're actually working towards compliance, past evidence shows they won't fine you.

3 comments

I've heard this line a lot, but even as a government-loving liberal it doesn't sound very compelling to me. The law says, comply or face fines up to 4% of global revenue. It doesn't say, "make a best effort to comply, or face fines up to 4% of global revenue." I'm very reluctant to trust people who can fine me for that much money that they won't do so. This is especially the case because it appears to some of us foreigners that the EU particularly loves to fine foreign companies for large amounts despite what appears, from our perspective, to be a good faith attempt to comply with the law.
https://gdpr-info.eu/art-83-gdpr/

> When deciding whether to impose an administrative fine and deciding on the amount of the administrative fine in each individual case due regard shall be given to the following:

> any action taken by the controller or processor to mitigate the damage suffered by data subjects;

> the degree of cooperation with the supervisory authority, in order to remedy the infringement and mitigate the possible adverse effects of the infringement;

> the manner in which the infringement became known to the supervisory authority, in particular whether, and if so to what extent, the controller or processor notified the infringement;

> where measures referred to in Article 58(2) have previously been ordered against the controller or processor concerned with regard to the same subject-matter, compliance with those measures;

> any other aggravating or mitigating factor applicable to the circumstances of the case, such as financial benefits gained, or losses avoided, directly or indirectly, from the infringement.

So, a whole bunch of very explicit things that are to be used when deciding whether to impose a fine (at all).

The EU regularly fines domestic companies huge amounts in anti-trust enforcement.
True that the text doesn’t say this, but several of the privacy authorities in the different jurisdictions in Europe have been stating this publicly in interviews. The last one I saw was the ICO in the UK today on BBC Click saying exactly this...
The text is what matters. You cannot defend yourself in court with the content of interviews.
Actually, you can in Europe. Context of law is more important than letter of law, as opposed to the US.
Of course you can. Otherwise what would be the point of them in the first place?
...and maybe you should take a look at something like this https://ico.org.uk/for-organisations/resources-and-support/d...
I would be interested in seeing examples of large fines that have been handed out to business by the EU that don't first of all meet the general conditions mentioned in this article.

https://jacquesmattheij.com/gdpr-hysteria

The agencies that can enforce the GDPR want you to be compliant, not to fine you.

Says who? The only perfectly clear parts of the GDPR revolve around the massive fines.

The EU actually loves levying huge fines against rich US tech companies. Why do you think they prefer compliance to fines?
Well, let's take a famous example. The €4.2bn fine given to Google in 2017 for abuse of its market position in pushing its own shopping results.

https://www.theguardian.com/business/2017/jun/27/google-brac...

Shocking stuff.

Except the Commission actually gave Google quite detailed advice over 5 years earlier about what it needed to do to be compliant.

https://www.ft.com/content/564a284a-a334-11e1-8f34-00144feab...