Fines / Penalties - General Data Protection Regulation (GDPR) (2024)

National authorities can or must assess fines for specific data protection violations in accordance with the General Data Protection Regulation. The fines are applied in addition to or instead of further remedies or corrective powers, such as the order to end a violation, an instruction to adjust the data processing to comply with the GDPR, as well as the power to impose a temporary or definitive limitation including a ban on data processing. For the provisions which relate to processors, he may be subject to sanctions directly and/or in conjunction with the controller.

The fines must be effective, proportionate and dissuasive for each individual case. For the decision of whether and what level of penalty can be assessed, the authorities have a statutory catalogue of criteria which it must consider for their decision. Among other things, intentional infringement, a failure to take measures to mitigate the damage which occurred, or lack of collaboration with authorities can increase the penalties. For especially severe violations, listed in Art. 83(5) GDPR, the fine framework can be up to 20 million euros, or in the case of an undertaking, up to 4 % of their total global turnover of the preceding fiscal year, whichever is higher. But even the catalogue of less severe violations in Art. 83(4) GDPR sets forth fines of up to 10 million euros, or, in the case of an undertaking, up to 2% of its entire global turnover of the preceding fiscal year, whichever is higher. Especially important here, is that the term “undertaking” is equivalent to that used in Art. 101 and 102 of the Treaty on the Functioning of the European Union (TFEU). According to case law of the European Court of Justice, “the concept of an undertaking encompasses every entity engaged in an economic activity, regardless of the legal status of the entity or the way in which it is financed”. An undertaking can therefore not only consist of one individual company in the sense of a legal person, but also out of several natural persons or corporate entities. Thus, a whole group can be treated as one undertaking and its total worldwide annual turnover can be used to calculate the fine for a GDPR infringement of one of its companies. In addition, each Member State shall lay down rules on other penalties for infringements of the Regulation which are not already covered by Art. 83. Those are most likely criminal penalties for certain violations of the GDPR or penalties for infringements of national rules which were adopted based on flexibility clauses of the GDPR. The national penalties must also be effective, proportionate and act as a deterrent.

A punishable situation in a company can be revealed through proactive inspection activities conducted by the data protection authorities, by an unsatisfied employee or by customers or potential customers who complain to the authorities, through the company making a self-denunciation, or by the press in general, especially through investigative journalism.

The Enforcement Tracker gives an overview of reported fines and penalties which data protection authorities within the EU have imposed so far.

External Links

Authorities

  • Article 29 Data Protection Working Party ► WP 253 – Guidelines on the application and setting of administrative fines (Link)
  • European Commission ► Enforcement and sanctions (Link)
  • Data Protection Authority Isle of Man ► Fines, penalties and sanctions (Link)
  • ► Handbook on European data protection law – Sanctions, page 247 (Link)

Expert contribution

  • Journal of Intellectual Property, Information Technology and Electronic Commerce Law ► Is Data Protection Law Growing Teeth? (Link)
  • IAPP ► Top 10 operational impacts of the GDPR: Part 10 – Consequences for GDPR Violations (Link)
  • A&L Goodbody ► The GDPR: A Guide for Businesses – Investigative, Corrective & Advisory Powers of Supervisory Authorities / Administrative fines, Page 31, 33 (Link)

Key IssuesTable of contents

Fines / Penalties - General Data Protection Regulation (GDPR) (2024)
Top Articles
How To Write a Bill of Sale for a Car
How DIY Furnace Maintenance Can Save a Repair Bill
Katie Pavlich Bikini Photos
Gamevault Agent
Hocus Pocus Showtimes Near Harkins Theatres Yuma Palms 14
Free Atm For Emerald Card Near Me
Craigslist Mexico Cancun
Hendersonville (Tennessee) – Travel guide at Wikivoyage
Doby's Funeral Home Obituaries
Vardis Olive Garden (Georgioupolis, Kreta) ✈️ inkl. Flug buchen
Select Truck Greensboro
Things To Do In Atlanta Tomorrow Night
Non Sequitur
How To Cut Eelgrass Grounded
Pac Man Deviantart
Alexander Funeral Home Gallatin Obituaries
Craigslist In Flagstaff
Shasta County Most Wanted 2022
Energy Healing Conference Utah
Testberichte zu E-Bikes & Fahrrädern von PROPHETE.
Aaa Saugus Ma Appointment
Geometry Review Quiz 5 Answer Key
Walgreens Alma School And Dynamite
Bible Gateway passage: Revelation 3 - New Living Translation
Yisd Home Access Center
Home
Shadbase Get Out Of Jail
Gina Wilson Angle Addition Postulate
Celina Powell Lil Meech Video: A Controversial Encounter Shakes Social Media - Video Reddit Trend
Walmart Pharmacy Near Me Open
A Christmas Horse - Alison Senxation
Ou Football Brainiacs
Access a Shared Resource | Computing for Arts + Sciences
Pixel Combat Unblocked
Cvs Sport Physicals
Mercedes W204 Belt Diagram
Rogold Extension
'Conan Exiles' 3.0 Guide: How To Unlock Spells And Sorcery
Teenbeautyfitness
Where Can I Cash A Huntington National Bank Check
Facebook Marketplace Marrero La
Nobodyhome.tv Reddit
Topos De Bolos Engraçados
Gregory (Five Nights at Freddy's)
Grand Valley State University Library Hours
Holzer Athena Portal
Hampton In And Suites Near Me
Stoughton Commuter Rail Schedule
Bedbathandbeyond Flemington Nj
Free Carnival-themed Google Slides & PowerPoint templates
Otter Bustr
Selly Medaline
Latest Posts
Article information

Author: Terence Hammes MD

Last Updated:

Views: 5986

Rating: 4.9 / 5 (69 voted)

Reviews: 84% of readers found this page helpful

Author information

Name: Terence Hammes MD

Birthday: 1992-04-11

Address: Suite 408 9446 Mercy Mews, West Roxie, CT 04904

Phone: +50312511349175

Job: Product Consulting Liaison

Hobby: Jogging, Motor sports, Nordic skating, Jigsaw puzzles, Bird watching, Nordic skating, Sculpting

Introduction: My name is Terence Hammes MD, I am a inexpensive, energetic, jolly, faithful, cheerful, proud, rich person who loves writing and wants to share my knowledge and understanding with you.