Home / GDPR Enforcement Tracker Report / Individuals and Private Associations

Individuals and Private Associations

GDPR Enforcement Tracker Report - Individuals and Private Associations

 

This chapter covers private individuals, homeowners' associations, individual entrepreneurs, private sport associations and leagues. In total, there were 14 fines issued by DPAs in eight different countries. The fines amount to a total of EUR 830,751.

Let's take a closer look

  • The highest fine, of EUR 525,000, was issued against the Royal Dutch Tennis Association for selling contact details of 350,000 members without their permission to sponsors who contacted them for direct marketing purposes via phone and e-mail.
  • The lowest fine, of EUR 200, was issued against a German YouTuber who was broadcasting compilations of his dashcam footage, thereby revealing many cars' license plates.
  • The issue most frequently criticised and punished by the authorities is non-compliance with general data processing principles and having an insufficient legal basis for data processing.

Main takeaway

In this sector, the DPAs seem to take very careful account of the extent to which the infringement was foreseeable by the individual and of the underlying motives for processing operations. The number of data subjects and the violator's intention to pursue economic interests through illegal data processing were particularly important, although the intimacy of the processed data was, of course, also of considerable significance. As is the case for companies, individuals and private associations primarily need to ensure that they have a sufficient legal basis for the various processing operations.