GDPR fines

I’ve posted some GDPR stuff on

My high-level map of GDPR fines (pdf)

Although my PhD research is not on GDPR fines, the outcome from my research should help organisations to be better prepared to respond to data breach incidents.

Not notifying affected data subjects when ordered to by the data authority (ICO) falls under the high 1st level of fines, i.e. 4% or EUR20M. However, failure to notify the data breach to the data authority (ICO) and to data subjects exposes organisations to the 2nd level of fines, i.e. 2% or EUR10M. In essence, be prepared to be fined when you fail to comply with the breach notification requirements, Art 33 and Art 34.

Note that when organisations have a security breach, i.e. a failure to comply with the data processing principle in Art 5(1)(f) (failure to use appropriate technical or organisational measures), this falls under the high 1st level of fines.

So there’s no way to avoid the fines unless you can totally avoid security breaches or avoid falling foul of the data processing principles.
