Data breach enforcement on both sides of the Atlantic: Revealing mechanics of fines and civil penalties and reinforcing importance of training

Three data breach enforcement examples, two under the GDPR and one in the U.S., highlight differences across the Atlantic in the mechanics of fines and civil penalties, including how and when to seek reductions, and the importance of data privacy training as a mitigation measure. This article was written in partnership with Dr. Carolin Raspé of Hengeler Mueller.