GDPR Fines Explained: Non-compliance Penalty, Maximum Fine and Other Implications if You Breach EU's New Online Privacy Law

As the General Data Protection Regulation (GDPR) is all set to be enforced on May 25, the European Union will be imposing administrative fines for non-compliance with the new Online Privacy Law. Moreover, the new law has managed to attract the attention of the media and business bodies due to the increased fines that will be imposed for violating the law. However, not all GDPR violations will result in hefty fines, which will be imposed by the Information Commissioner’s Office (ICO).

The officer will also have a range of corrective powers and sanctions for enforcing the GDPR besides the power of imposing penalties. The officer can issue warnings and reprimands; levy a temporary or permanent ban on data processing; instruct the alteration, curbing or deletion of data; and suspend data transfers to third countries.

Here are the two tiers of penalties that will be imposed on an organization for violating or not complying with the GDPR:

1. The organization will be fined up to €10 million or 2 percent of annual global turnover.

2. The organization will be fined up to €20 million or 4 percent of annual global turnover (whichever is higher in both the options).

These fines will be based on the specific articles of the regulation that the organization has breached. Moreover, organizations violating data responsibilities, such as data security breaches, will be subject to the lower fine, whereas intrusions on an individual’s privacy rights attract the higher level of fine.

Moreover, the Information Commissioner’s Office (ICO) will consider various factors before imposing a fine and deciding its level, such as the nature and duration of the breach, whether the violation was intentional or negligent in character, the actions required to ease the damage suffered by individuals, any previous violations by the organization, the types of personal data involved and much more.