Germany: CEO to be held personally liable for data privacy breaches

In a recent case in Germany, a court ruled that a CEO was personally liable for a data privacy breach after hiring a detective to investigate possible criminal acts by the plaintiff. Given the potential risks, this case raises a number of issues for companies and their boards to consider. This is one of many recent cases in Europe in which the courts have dealt with the question of what is required for damages to be awarded under Article 82 of the EU’s General Data Protection Regulation (GDPR).


Article 82 provides that any person who suffers non-material harm as a result of a breach of the GDPR is entitled to receive compensation for the harm suffered.

Under the GDPR, the data protection law of the European Union, the controller or processor is the entity that can be held liable in the event of a breach of the GDPR, and not those who control these controllers or processors.

In contrast, under the legal framework applicable to the protection of personal data in the Republic of Moldova, Law No. 133 of 08-07-2011 on the protection of personal data, liability for violation of the law rests with the guilty persons. Article 33 specifies: "For violation of this law, the guilty persons shall be liable in accordance with civil, contravention or criminal law."

#ceo #gdpr #gdprcompliance