[candiodari]

IF we apply the same to political organisations leakage, then ok.

Keep in mind that Congress, EU parliament, EU commission and I'm sure many others were all hacked in the past 2 years. Needless to say, they all see themselves as above this whole regulation thing.

And of course, those penalties cannot come from the tax coffers. They need to be leveled against the pay of the politicians, because otherwise how could they ever work ?

The EU parliament's websites are currently clearly in breach of the GPDR as well. Let's start there, shall we ?

As long as this is their attitude, I feel like this is not an acceptable solution.

[sievebrain]

You are correct sir, however the EU commission believes it doesn't actually have to follow the gdpr at all! They were called out on their non compliant website shortly after the law activated and announced that for "legal reasons" they didn't have to follow it.