[NeedMoreTea]

Except we see just the fine. We have no idea how many attempts and warnings to get them to comply were sent first. It wasn't one email, it was multiple emails, multiple times over months.

This site makes no mention of warnings and escalations, and ICO at least doesn't normally announce that for individual cases. Though they do put out aggregate stats. When they have fines are clearly shown as arising in a small minority of cases.

[easytiger]

There are other examples at least from Germany where no warning or time to rectify was given, just a fine.

https://iapp.org/news/a/germanys-first-fine-under-the-gdpr-o...

[NeedMoreTea]

800k email records and passwords in plain text when breached. I don't know how big Knuddels are, so I don't know if that fine sounds lenient, right or high. Yet as it's a large breach it seems fitting of no warning first, considering the scale of negligence, mitigated by their "exemplary cooperation" afterwards.

Which goes to show why the regulators get the discretion to decide appropriate action from warning only to maximum fine. Without context and aggravating and mitigating factors we can't know, which was my point. If a penalty is disproportionate there's well worn appeal tracks.

Other comments seem to point to the small case in OP comment being some guy running a list to harass people, which seems like a huge aggravating factor to me. Maybe he got one warning, maybe in context he didn't deserve even that.

[TomVDB]

> We have no idea how many attempts and warnings to get them to comply were sent first.

True. But I doubt that even the most ruthlessly efficient GDPR enforcement authority could multiple enforcement requests between mid July and end July.

[sgift]

Why are multiple requests needed? You do shit, you get a request to stop it, you don't do it, you get hit with a fine. How many requests do you expect the authorities to send? 5? 10? 100? If I get summoned to court and don't follow it I get a fine. How is this any different?

[NeedMoreTea]

Sure, but offences between July and September 2018, and convicted Feb 2019 only against the small sub selection in July.

There's potential time for quite a few ignored warnings before prosecution, but I don't know and can't find out from here if or if not.

[tjoff]

They almost certainly got complaints from the users on that list. You tend to get pretty swift response from that.

Very likely that they just ignored it.