Recently, the Association of German Data Protection Authorities (“Datenschutzkonferenz” or “DSK”) issued guidelines setting a GDPR fining methodology (“Fining Methodology”). GDPR enforcement across the EU has picked up over the past year. This Fining Methodology has been issued at the time of a significant increase in GDPR enforcement action across the EU. The European Data Protection Board (“EDPB”) reported a total of 281,088 national enforcement actions being initiated as of May 22, 2019 (approximately one year after the GDPR’s entry into application). Since then, data protection authorities across the EU have been initiating enforcement and fines on a daily basis. In particular, in the UK, the Information Commissioner’s Office (“ICO”) has issued two notices of intention to fine of €114m and €215m for failure to implement appropriate data security measures.