First German GDPR penalty

21 December 2018

The European Data Protection Board is today reporting that the supervisory authority for Baden-Würrtemburg has imposed the first GDPR fine in Germany.  A social network company was fined €20,000 for a data breach in July 2018 involving a hack which exposed the email addresses and  unencrypted passwords of 330,000 users.  The fine was reduced in the light of the ‘exemplary cooperation of the data controller, and its willingness to follow all recommendations of the supervisory authority.

EPDB press release:


Eddie Powell Author
Eddie Powell
About the author