There will be two levels of fines based on the GDPR. The first is up to €10 million or 2% of the company’s global annual turnover of the previous financial year, whichever is higher. The second is up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever is higher. The potential fines are substantial and a good reason for companies to ensure compliance with the Regulation.
The Parliament had requested that fines reach €100 million or 5% of the company’s global annual turnover. The agreed fines are the compromise that was reached.
Fines for infringements will be considered on a case-by-case basis and will take a number of criteria into consideration, such as the intentional nature of the infringement, how many data subjects were affected and any previous infringements by the controller or processor.
The lower level of fine, up to €10 million or 2% of the company’s global annual turnover, will be considered for infringements listed in Article 83(4) of the General Data Protection Regulation.
This includes infringements relating to:
The higher level of fine, up to €20 million or 4% of the company’s global annual turnover, will be considered for infringements listed in Article 83(5) of the General Data Protection Regulation.
When deciding whether to impose a fine or the amount to be paid as a fine, the following will be taken into consideration for each individual case:
If a controller or processor commits several infringements for the same or linked processing operations, the total amount of the administrative fine will not exceed the fine for the most serious infringement.
Member States will also have the ability to apply penalties for infringements of the GDPR. The Member State will be responsible for implementing such penalties, which must be effective, proportionate and dissuasive.
Separately from these fines and penalties, individuals will have the right to claim compensation for any damage suffered as a result of an infringement of the GDPR.