Fines and Penalties

Potential Fines: The GDPR establishes a tiered system of fines for non-compliance, depending on the nature and severity of the violation. The potential fines are divided into two categories:

  • Lower-Tier Fines: These can reach up to €10 million or 2% of the global annual turnover of the previous financial year, whichever is higher. These are generally for less severe violations, such as inadequate record-keeping or inadequate data protection impact assessments.

  • Upper-Tier Fines: These can go up to €20 million or 4% of the global annual turnover of the previous financial year, whichever is higher. They apply to more serious breaches, including violations of individuals' rights, data breaches, and violations of the core principles of the GDPR.

Factors Influencing Fines: The actual fines imposed depend on various factors, including the organisation's level of cooperation with regulatory authorities, the nature and duration of the violation, the number of individuals affected, the steps taken to mitigate the damage, and any previous history of non-compliance.
