Understanding GDPR Fines
GDPR fines fall into two tiers. Lower-tier violations (Art. 83(4)) include failures in record-keeping, security measures, or DPIA obligations, and carry fines of up to EUR 10 million or 2% of global revenue. Upper-tier violations (Art. 83(5) and (6)) cover consent, data rights, and unlawful transfers, with fines of up to EUR 20 million or 4% of global revenue.
How Fines Are Determined
Supervisory authorities consider the nature and severity of the violation, the number of affected individuals, the degree of cooperation, any history of violations, and whether the violation was intentional or negligent. Self-reporting and swift remedial action can significantly reduce penalties.