By: Leonardo Neri

On 20.09.2022, the German Bundestag, or rather, the Data Protection Authority responsible for information in Berlin, acting in a binding manner to the BFDI, at the federal level, made changes to its legislation available to the public, applying sanctions in the form of a fine of R$ 525 thousand euros for analyzing and judging that the Data Protection Officer and a certain e-commerce were not following the rules and concepts aimed at autonomy and independence that are required by the GDPR, the General Regulatory Body for Data Protection.

The aforementioned case came with a strong tone, addressing information that the punished representative demanded functions of both DPO and executive law of two different e-commerce companies, which characterized effective bad faith due to the easy availability to make significant decisions on how to treat the data provided to these groups.

Furthermore, the regulatory agency confirmed via Note that the sanction occurs due to the lack of reason for a single person to occupy a position in which the main function, that is, it is possible to carry out the monitoring of information of this caliber in companies that are competitors.

Finally, the Entity was responsible for highlighting the significant role played by the DPO in companies, stating that the fine is only part of an infraction in order to notify the professional community about the actions that must be taken for the collective good.