The European Court of Justice issued a significant ruling that streamlines the process of imposing fines for breaches of data protection under the General Data Protection Regulation (GDPR). This consequential decision stemmed from two cases originating in Lithuania and Germany, seeking guidance on penalizing those responsible for managing data.
The judgment clarifies that for a national supervisory authority to impose an administrative fine under the General Data Protection Regulation (GDPR), there must be evidence of wrongful conduct, indicating that the GDPR violation occurred either intentionally or negligently.
