Administrative fines and Penalties under GDPR- Part 2

In our last article we discussed the general conditions, upon which due regards must be given while deciding the administrative fine, under chapter 8 article 83 of the GDPR. Now in the article  we will discuss the remaining provisions with regard to the administrative fine.

The remaining provisions of article 83 states that –

Fines, in case of breach of obligation of controller or processor

  1. If a controller or processor intentionally or negligently, for the same or linked processing operations, infringes several provisions of GDPR, the total amount of the administrative fine must not exceed the amount specified for the gravest infringement.
  1. Infringement of the following provisions must, in accordance with 83(2), be subject to administrative fines upto 10 000 000 EUR, or in case of an undertaking, up to 2% of the total world wide annual turnover of the preceding financial year, whichever is higher. 

i) the obligations of the controller and the processor given under articles 8, 11, 25 to 39 and 42, 43;

ii) the obligation of the certification body under article 42 and 43

iii) the obligation of the monitoring body under article 41

Fines, in case of breach of, principles of GDPR, conditions for consent, rights of data subject, international or third country transfer of personal data, obligation of member states and non-compliance with an order

  1. Infringement of the below provisions, be subject to administrative fine upto  20 000 000 EUR, or in case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher;

i) the basic principles for processing, including conditions for consent under articles 5, 6, 7 and 9;

ii) the data subjects’ rights under article 10 to 22;

iii) the transfers of personal data to recipient in a third country or an international organization under article 44 to 49;

iv) any obligations pursuant to member state law adopted under chapter IX of GDPR;

iv) non-compliance with an order or a temporary or a definite limitation on processing or the suspension of data flows by the supervisory authority under article 58 (2) or 58 (1).

Picture Credit- https://www.vistainfosec.com