Penalties as the main form of liability for violation of the General Regulation on Personal Data Protection in the EU

Abstract

The article outlines the legal basis of the penalties for violation of the General Data Protection Regulation in the EU. The necessity of studying the mechanisms by which the procedure for collecting fines for violations in the field of personal data protection within the European Union is carried out. Provisions of the General Data Protection Regulation are analyzed in order to apply the experience of EU member states in the field of personal data protection as well as in the context of harmonization of Ukrainian legislation with EU law.
 The article analyzes changes in the legislation on the protection of personal data and identifies the most frequently applied penalties in the form of fines imposed on companies in countries such as Great Britain, Netherlands, and Spain. Forms of liability for violations of the Regulation are: administrative fine, warning, temporary suspension of activity, or certain actions performed by the controller or operator. In addition to the list, member states in their domestic legislation have the right to establish additional forms of liability for violations of personal data protection, if such a penalty does not contradict the GDPR.
 In the article, it has also been determined which violations in the field of personal data protection act as grounds for imposing fines, namely, it has been established that these are non-compliance by companies with the security of personal data, non-observance of conditions and rules regarding consent to the processing of personal data, and the subsequent use by companies of personal data of customers after the leak the period provided for their use or the transfer of customer data to third parties. As mentioned above, the adoption of the General Data Protection Regulation contributed to ensuring the stability of normative acts that regulate issues related to the confidentiality of personal data of users, as well as responsibility for the violation of rights related to such data. According to the Regulation, any information by which a person can be identified should be interpreted as personal data. The article examines the application of mechanisms for imposing fines and analyzes the circumstances that determine the extent of liability for violations in the field of personal data protection.