The GDPR in Europe has gone global through the media in recent months, and even non-European companies have had to deal with it in part. Many, no matter where they are based, found that annoying, but implemented the requirements. Others had their problems, especially in the technical part of the implementation and are still sometimes not finished. Then there are those who simply hope that everything will be fine.
The first month after the entry into force of the GDPR was still quite quiet – but now a disciplinary warning letter was made: Due to a non-existent SSL certificate in a contact form, a German-based shop owner have to pay 12,500 euros. A high sum, for such an “offense”. How can that be justified?
The person who sent the disciplinary warning letter here states that he was very upset because of the lack of encryption. He explains the high sum as justified smart-money, which is appropriate for his “personal distress”. As for the shop owner who received the disciplinary warning letter, whether the required sum is really justified, must be judicially examined. So it can not be done just like that.
This case shows what the future with the GDPR can look like. Already, many companies are completely overwhelmed with the implementation or simply do not know what they actually have to do. Micro enterprises in particular can not always afford expensive legal advice and the implementation of GDPR by agencies. And even then a small mistake or a carelessness can lead to expensive disciplinary warning letters.GDPR: disciplinary warning letter with smart-money claim