Browsing by Subject "GDPR fines"

The Research aims to study the notions of responsibility and liability of controllers and processors and their development that led them to the current status under the GDPR. The Research will also evaluate the importance of the changes in business practices, whether the transmission to the GDPR regime was easy, and whether it was fully completed. The First Chapter of the Research studies the development of data protection legislation at the national and international levels, as well as the main points about data protection law in the EU, focusing is on the development of the responsibility and liability of controllers and processors. In the Second Chapter, the Research studies the approaches to the responsibility and liability of controllers and processors in the EU in detail. The provisions of the GDPR will be explored in comparison with the DPD, and the main changes for controllers or processors are discussed. In the Third Chapter, three recent cases related to non-compliance of different types of controllers: a public authority, a legal service provider and a retailer. This chapter studies the actual examples of challenges of the controllers and their consequences. The Research found that in any period of the development of legislation and at any level, the controller remained primarily responsible and liable, even when the concept of the processor was formed under the DPD. Even though the GDPR introduced several duties that aimed at both the controller and processor and those that were targeting the processor specifically, the existing available practice mainly concerns the controller. The Research also showed that there is still a need to improve the controller’s compliance with the obligations imposed under the GDPR.