Actions and Fines for Violations of the GDPR

GDPR introduces two tiers of fines:

(i) Non-severe infringements: For controllers and processors, these constitute violations of Articles 8 (Conditions applicable to a child's consent in relation to information society services), 11 (Processing which does not require identification) , 25-39 (Data protection by design and default, joint controllers, representatives of controllers and processors not established in the Union, Processor, Processing under the authority of the controller or processor, records of processing activities, cooperations with the supervisory authority, security of processing, notification of a data breach to the supervisory authority, communication of a personal data breach to the data subject, data protection impact assessment, prior consultation, Data Protection Officer) and 43 (Certification bodies) These violations can incur fines up to 2% of the total worldwide annual turnover of the past financial year or 10,000,000 EUR, whichever is highest.

(i) Severe infringements: Violations of the basic principles for processing, including conditions for consent (Articles 5, 6, 7 and 9), the data subjects' rights (Articles 12 to 22), the transfers of personal data to a recipient in a third country or an international organization (Articles 44-49), non-compliance with Member State Law adopted under Chapter IX, non-compliance with an order or a temporary or definitive limitation on processing or the suspension of data flows by the Supervisory Authority (Art. 58 (2)) or failure to provide access (Art. 58 (1)).

These violations can incur fines up to 4% of the total worldwide annual turnover of the past financial year or 20,000,000 EUR, whichever is highest.

The information provided in this resource base and on the Datawallet website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. Information on this website may not constitute the most up-to-date legal or other information. This website contains links to other third-party websites. Such links are only for the convenience of the reader, user or browser. No reader, user, or browser of this site should act or refrain from acting on the basis of information on this site without first seeking legal advice from counsel in the relevant jurisdiction. Only your individual attorney can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. All liability with respect to actions taken or not taken based on the contents of this site are hereby expressly disclaimed. The content on this posting is provided “AS IS;” no representations are made that the content is error-free.