Three data breach enforcement examples, two under the GDPR and one in the U.S., highlight differences across the Atlantic in the mechanics of fines and civil penalties, including how and when to seek reductions, and the importance of data privacy training as a mitigation measure. This article was written in partnership with Dr. Carolin Raspé of Hengeler Mueller.

If you have any questions regarding the matters covered in this publication, please reach out to any of the lawyers listed below or your usual Davis Polk contact.

This communication, which we believe may be of interest to our clients and friends of the firm, is for general information only. It is not a full analysis of the matters presented and should not be relied upon as legal advice. This may be considered attorney advertising in some jurisdictions. Please refer to the firm's privacy notice for further details.

Related materials

Read the full update
Copy link to share post