GDPR Financial Penalties Explained

Up to 2% of annual turnover, or € 10,000,000
For violating GDPR rules related to:

  • Child’s consent regarding their personal data
  • Failure to keep transparency of information and communication
  • Security measures
  • Breach and breach notification
  • Transfers related to appropriate safeguards and binding corporate rules

Up to 4% of annual turnover, or € 20,000,000
For violating GDPR rules related to:

  • Processing of personal data
  • Consent of individuals regarding their personal data
  • Rights of individuals regarding their personal data
  • Personal data transfers to third countries and organisations

There is also a suite of sanctions and guidelines available to help organisations comply – by the issuing of warnings, reprimands and corrective orders. While these will not hit organisations in the pocket – their reputations will suffer a significant blow. Furthermore, individuals can sue organisations for compensation to recover both material damage and non-material damage such as infliction of emotional distress, and invasion of privacy.