Private individuals can be sanctioned with GDPR fine.
The first GDPR fine of June 2022 was attributed to a private individual for Non-compliance with general data processing principles. This might sound strange that an individual is fined but it is not new and it is not the first time neither. Indeed, the first individual who was fined by the GDPR was an Austrian on 27 September 2018 for insufficient legal basis for data processing.
Since the enforcement of the GDPR, we count 81 private individuals and private associations that were sanctioned with GDPR fines for various reasons.
Here below are some statistics:
As you can notice, non-compliance to the regulation will be sanctioned, regardless the sector of activity. However, private individuals have been earmarked together with Private Associations, irrespectively of the sector of activity.
Unfortunately, we do not have exact data on the reasons of fines attributed to private individuals. However, the statistics below will provide you an overview of the nature of fines.
For reminder, Mauritius has embarked on the process of obtaining adequacy with the GDPR, which means that the Data Protection Act (DPA) will be the equivalent of the GDPR. If such EU accept the request, this will most probably lead to more severe sanction locally. You can read more about the data protection right in Mauritius here. https://www.ascentrixconsulting.com/post/data-protection-rights-in-mauritius
If you wish to assess your level of compliance to Data Protection, Ascentrix Consulting can help you implement the various requirements and support your team. Do not hesitate to contact us.