On 12 May 2022, the European Data Protection Board (the “EDPBâ€) published its Guidelines 04/2022 on the calculation of administrative fines (the “Draft Guidelinesâ€) under Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (the “GDPRâ€). The Draft Guidelines provide for a harmonised calculation of administrative fines under the GDPR. In general, the calculation of administrative fines is at the discretion of national data protection authorities (“DPAsâ€), which must assure that the latter remain effective, proportionate and dissuasive in each individual case. Under the Draft Guidelines, the EDPB provides for a five-step methodology which DPAs should apply when calculating administrative fines.
Step 1: Determining whether there are one or multiple infringements against the GDPR…
