Three data breach enforcement examples, two under the GDPR and one in the U.S., highlight differences across the Atlantic in the mechanics of fines and civil penalties, including how and when to seek reductions, and the importance of data privacy training as a mitigation measure. This article was written in partnership with Dr. Carolin Raspé of Hengeler Mueller.

This communication, which we believe may be of interest to our clients and friends of the firm, is for general information only. It is not a full analysis of the matters presented and should not be relied upon as legal advice. This may be considered attorney advertising in some jurisdictions. Please refer to the firm's privacy notice for further details.