Liability for violating the provisions of the GDPR
The sanctions that can be imposed on the data controller and processor for violating personal data protection rules are exceptionally severe. First, non-financial corrective actions may be imposed by administrative order, as well as financial fines; the two are independent of each other, so both may be imposed. The corrective actions include in particular: a warning, an order to bring processing operations into compliance with the provisions of the GDPR, or a temporary or definitive limitation, including a ban, on processing. In turn, the cap on financial fines that can be imposed for the most severe violations of the GDPR is 20,000,000 euro, and in the case of an undertaking, 4% of its worldwide annual turnover for the preceding financial year (the higher amount applies).