Failure to comply with the GDPR may result in significant fines of up to EUR €20 million or 4% of a company's global turnover for certain breaches.

The GDPR allows the data protection authorities in each country to issue sanctions and fines to organizations it finds in violation.

The data protection authorities may also impose additional corrective measures and issue sanctions, such as ordering the company to stop processing personal data, or public reprimands.

You can read more about how GDPR fines are assessed on ec.europa.eu.

Return to FAQs or read "Who must comply with the GDPR?"


Create a free account to discover insights and learn business failures.

Last edited on 25 November 2019.