GDPR Fines & Penalties For Non-Compliance
Organizations can be fined up to 4% of annual global turnover for violating the EU GDPR law or € 20 million. This is the maximum fine that can be imposed for the most serious infractions. Examples of GDPR fines include not having enough consent from the client to process data or violating the core concepts of "Privacy by Design".
Unlike previous regulations, there are two levels of these GDPR fines. The first tier is a fine of up to € 10 million or 2% of the company's annual global turnover for the previous year, whichever is higher. The second tier fine can go up to 4% of global turnover.
It is interesting to note that the EU parliament had initially suggested a fine of up to € 100 million; however, a compromise was reached on the amount that is one-fifth of the original suggestion. If true, this means that companies must take GDPR seriously because lawmakers are determined to penalize corporations for their wrong-doing, and change laws, if required.
In 2018 alone, EU GDPR fines reached €56 million in just the second half of the year. In fact, more than 200,000 reports of a data breach were scrutinized. The majority of GDPR cases were solved without fines where companies were cautioned to take security measures seriously. Regarding the enforcement of the law, watchdogs have suggested that 2018 was just a transition year, which means that authorities will be stricter in the future and could lead to even higher GDPR fines.
Ready for the next step?
Ensure that every solution you use is safe, secure and compliant with ever-changing GDPR, PSD2 and other personal data standards and regulations. Our authentication solutions take care of that for you.