Exaggerated fears of fines for GDPR violations are (so far) unnecessary

With the GDPR coming into force, a wave of emotions, doubts and uncertainty has risen. Almost every administrator is currently asking the same questions: are we doing it right? Are we breaking the legislation? And if we are and the supervisory authority finds wrongdoing, how will we deal with any fine?


All of the above questions are certainly justified, but we can reassure you: the Data Protection Authority does not primarily plan to punish minor misconduct or negligent errors. At least initially, it wants to focus primarily on educating data controllers and raising their awareness of appropriate data protection. In practice, this means that the goal of any public inspection will be to call for the correction of infringements, not to impose fines.

The DPA says it wants to focus on explaining rather than fining because this has worked best in practice. According to the DPA, when a deficiency or a violation of the legislation is reported, the controller corrects it and changes its procedure almost immediately.

The question remains to what extent we can rely on these promises. We certainly recommend that you fine-tune your GDPR compliance to perfection and avoid the inconvenience of a fine, which would likely put you out of business.

How high is the fine in case of a GDPR breach?

We're not going to sugarcoat it. The fines are very high indeed. Put simply, offenders fall into two groups, a division that in itself reflects the importance of the breached obligations and their impact on the data protection rights of the victims.

In the lower rate group, you can be fined up to €10,000,000 (or up to 2% of the total annual worldwide turnover if it is a business). The second group will pay even more: €20,000,000 (or up to 4% of the total annual worldwide turnover if it is a company).

Are you struggling with data protection confusion? Have you encountered an unusual situation, or are you concerned about GDPR for a completely different reason? Do not hesitate to contact us. We will be happy to discuss everything with you and propose an ideal solution.