During its latest plenary, the EDPB adopted a final version of the Guidelines on the calculation of administrative fines following public consultation. These guidelines aim to harmonise the methodology data protection authorities (DPAs) use to calculate fines and include harmonised ‘starting points’. Hereby, three elements are considered: the categorisation of infringements by nature, the seriousness of the infringement and the turnover of a business.
The guidelines set out a 5-step methodology, taking into account the number of instances of sanctionable conduct, possibly resulting in multiple infringements; the starting point for the calculation of the fine; aggravating or mitigating factors; legal maximums of fines; and the requirements of effectiveness, dissuasiveness and proportionality.
Following public consultation, an annex was added with a reference table summarising the methodology and two examples of practical application. As explained in the reading guide, the table and the examples are for illustration purposes only and have to be read in conjunction with the Guidelines.
The guidelines are an important addition to the framework the EDPB is building for more efficient cooperation among DPAs on cross-border cases, a strategic priority for the EDPB.
Also following public consultation, the EDPB adopted a final version of the Guidelines on the application of Art. 65(1)(a). The guidelines aim to delineate the main stages of the Art. 65 procedure and to clarify the competence of the EDPB when adopting a legally binding decision on the basis of Art. 65(1)(a) GDPR. Following public consultation, the guidelines were amended to introduce clarifications and reflect recent developments, such as the adoption of the EDPB Guidelines on the application of Art. 60 GDPR and changes to the EDPB Rules of Procedure. In addition, an executive summary was added.