Sanctions and enforcement

May 2, 2018


Companies in breach of the GDPR are facing a few channels of sanctions:


1.    Supervisory Authority enforcement. The SAs are authorized to make inquiries, investigate, and issue administrative fines to Companies. The SAs are authorized to determine administrative fines of up to the higher of EUR 20,000,000 or 4% of the annual global turnover of a company (could also be, a group of companies, as yet remains to be seen how will the SA will interpret and implement the GDPR). Some obligations of the GDPR are subject to a bit lesser fines, up to the higher of EUR 10,000,000 OR 2% of the annual global turnover, but this is pretty hefty too. These fines may be levied by the SA without any claim brought by a data subject or a third party, and they have investigative authorities.


2.    Member State Courts – data subjects may bring claims against breaching companies, in accordance with local legal procedures of the applicable member state. Each of the states also has the right to determine that certain breaches of the GDPR shall be subject to criminal penalties.

Share on Facebook
Share on Twitter
Share on LinkedIn
Please reload

Read more about GDPR

Please reload

For a free of charge, no strings attached, intro meeting contact DPO-PRO

Are you a personal data controller or processor under GDPR?

Are you subject to the GDPR?

Is your organization in compliance?

What do you need to do in order to get to GDPR compliance?

Contact us today!

© 2018 D.Z. Consulting and Projects

Website by Anat Belinson

(Read it here)