Skip to Search Skip to Content Skip to Footer
Sims Lifecycle Services
  • Locations
  • Blog
  • Client Portal
  • Contact
  • English
    • Deutsch
Menu
  • For Data Centers
    • Overview
    • Cloud Data Center Services
    • Colocation Data Center
    • Ultimate Decommissioning Guide
    • SLS plays a key role in helping companies manage ongoing technology shifts in data centers. Our record of success includes working with businesses, data centers and major cloud companies to provide periodic decommissioning of older data center equipment.
  • For Businesses
    • Overview
    • ITAD Services
      • RFP Template for ITAD
    • IT Asset Recovery
    • Data Destruction
      • On-Site Data Destruction
      • Bulk Data Destruction Services
      • Storage Device Types
      • Data Destruction Standards
      • Vendor Selection
    • On-Premise Data Center Decommissioning
    • E-Waste Recycling
    • ITAD Reporting and Portal
    • Logistics
    • Equipment We Process
    • SLS provides secure and compliant global IT asset disposition (ITAD), e-waste recycling and data center decommissioning services for businesses. We refurbish, repair and restore materials for continued useful life. In addition to facilitating reuse of equipment, SLS also recycles discarded electronics, transforming waste to raw material. Recycling diverts material from landfill or incineration and provides a feedstock for making next generation products.
  • For Manufacturers
    • Overview
    • Returns Management
    • Refining
    • Certified Destruction
    • Defense Contractors
    • Recycling
    • Extended Producer Responsibility
    • Portal and Reports
    • Recycling Innovation
    • How Computers Are Recycled
    • We work with manufacturers to manage reverse logistics and recover value from returned equipment. We resell whole units, manage spare parts recovery and responsibly recycle obsolete equipment. We also work with manufacturers in managing their extended producer responsibility requirements.
  • Global
    • Overview
    • Compliance
      • GDPR FAQ
    • Client Sustainability
      • Sustainability Reporting
      • Circular Economy Explained
    • International Associations
    • Consumer E-Waste
    • Leading companies trust SLS to provide a globally coordinated e-waste recycling and ITAD single solution with a high focus on data security, regulatory and corporate compliance, value recovery and sustainability.
  • About Us
    • Overview
    • Certifications
    • Sustainability at Sims
    • EH&S
    • Equipment We Process
    • Careers
    • As a business division of Sims Limited, SLS has the global reach, expertise, and infrastructure necessary to ensure to our customers that all electronic devices are processed in a secure and environmentally responsible manner.
  • News
    • Blog
    • Videos
    • Resources
    • Infographics
    • Press Releases
    • Backed by a global network of IT asset disposition and e-recycling facilities, SLS is a leader in compliant disposition and recycling of electronic equipment. Stay up-to-date with our press releases, blog, newsletter, case studies, white papers, tip sheets, infographics and videos.

NEW! - HOW TO GUIDE: Template for Developing IT Asset Disposition (ITAD) RFP

Get Your Copy

GDPR: Where are we now? And where are we going? 

GDPR compliance concept
Menu
  • Locations
  • Blog
  • Client Portal
  • Contact
February 23, 2022

While we’ve learned about how General Data Protection Regulation (GDPR) works in practical terms, there are still key issues being debated. 

Nearly four years after coming into effect, we’ve gained valuable insight into how the European Union’s GDPR is being enforced. Since 2018, over 900 GDPR-related fines have been issued across the European Economic Area and UK. (1) Those fines, appeals and resulting case law provides valuable insight into how the GDPR is being enforced and gives us a glimpse into what issues need to be resolved in the future. 

2021 was a banner year for GDPR fines. Between 2020 and 2021, the fines imposed skyrocketed from €158.5 million ($179 million) to €1.087 billion ($1.23 billion). (2) Nearly one billion Euros worth of fines were issued in Q3 of 2021, about twenty times more than Q1 and Q2’s combined totals. (1) These fines were dominated by data-driven companies, including one in Luxemburg for €746 million ($877 million), which is nearly 15 times greater than the previous fine, and is currently being appealed. 

In 2021, Luxembourg and Ireland were notable for issuing a small number of high-value and high-profile fines, while other countries, including Italy and Spain, were issuing a higher number of low-value fines. (2) While we still do not know which approach is better at driving compliance, we do have insight into why these differences exist. 

GDPR law works with a “one-stop-shop” mechanism, making multi-national companies accountable to the data protection agency in the location of their European headquarters. All complaints are funnelled through that country, though any nation affected by the complaint has a right to comment. For example, if a multination company headquartered in France suffers a data breach in Spain, the complaint will most likely be moved to France. Because of their corporate-friendly tax policies, both Luxembourg and Ireland are popular corporate headquarters for major multi-national companies. As we saw in 2021, these larger companies dealing with greater volumes of data are more likely to incur heavier fines. 

While Poland isn’t notable for the volume or value of fines issued – just over €2 million since 2018 – it is notable for its recent focus on GDPR’s information security requirements and the responsibilities of data collectors and processors. In 2021, rulings have emphasized the importance of regular testing, measurement and evaluation of information security measures. (2) In October, a court handed down a ruling that could impact businesses worrying about a breach occurring by their data processor.  

The court overruled the Polish Data Protection Authority’s decision to impose a fine due to the actions of their data processor. A financial technology company incurred the fine because their client database was illegally downloaded through their data processor. 

The ruling stated that while the controller was responsible for compliance with GDPR, it was not responsible for a personal data breach due to the processor’s actions. Future cases will determine if this ruling has precedent outside of Poland, but it does call into question the previous assumption that data controllers are liable for their data processor’s actions or negligence. (2) 

Right now, businesses are closely monitoring negotiations between the EU and US regarding the way multinational companies handle the transfer, storage and processing of data from European users to US servers. These data transfers were governed by the US-EU Privacy Shield until July 2020, when it was invalidated by the European Court of Justice. The reason? They cited fears that US surveillance laws do not have sufficient policies and procedures in place to protect the privacy and data protection of people living outside of the US. As data controllers, multinational companies transferring data are in limbo and face uncertainty and risk under GDPR until a new policy is enacted. 

Ensuring data protection is clearly a work in progress for businesses, government agencies and the courts. According to a spokesperson at the independent European Data Protection Board, GDPR is a “long-term project”. (3) It is a project that has a deep impact on businesses, the economy and our personal lives.  

1 https://www.tessian.com/blog/biggest-gdpr-fines-2020/#:~:text=The%20EU%20General%20Data%20Protection,financial%20year%E2%80%94whichever%20is%20higher. 

2 DLA Piper GDPR fines and data breach survey: January 2022. Report by DLA Piper, Cybersecurity and Data Protection Team. 

3 https://www.wired.co.uk/article/amazon-gdpr-fine

Posted in: GDPR
Previous Post Next Post

Circular Newsletter

Data Center Services

Learn More

Regions

  • Americas
  • Global
  • EMEA
  • APAC

Topics

Archives

Sims Lifecycle Services
  • Corporate Information
    • About Us
    • Certifications
    • Locations
  • Services
    • For Data Centers
    • For Businesses
    • For Electronics Manufacturers
    • Data Destruction
    • Global Services
  • Contact
    • Email
    • News
    • Blog
  • Sims Limited
    • SLS is a business division of Sims Limited. Discover how Sims Limited plays an integral role in the circular economy by making resources available for future use.
      Visit the Sims Limited Website
  • Other Business Divisions (external websites)
    • Sims Metal
    • Sims Resource Renewal

Sign up for our newsletter

  • Visit Us on Instagram (opens new window)
  • Visit Us on Facebook (opens new window)
  • Visit Us on LinkedIn (opens new window)
Copyright © 2025 Sims Lifecycle Services, All Rights Reserved.
  • Privacy Policy
  • Legal
  • Terms of Use