GDPR - penalties provided
A special mention must be made about the penalties applicable to entities and companies that do not comply with the GDPR policy. They are essentially attributable to two main types: administrative-pecuniary sanctions and "official" reprimands. The extent of the penalties follows a gradual approach which varies according to the seriousness of the violation.
In particular, pursuant to art.83 of the European privacy regulation (GDPR) the following penalties can be imposed:
- A verbal warning in case of an unintentional first default;
- Penalties of up to 10 million euros, or for companies, up to 2% of the total annual global turnover of the previous year, if higher, in the event of violation (among other things) of the obligations of the data controller and the person in charge of the treatment;;
- Penalties of up to € 20 million, or for businesses, up to 4% of the total annual global turnover of the previous year, if higher, in the event of violation (among other things) of the basic principles of the treatment, including the conditions relating to consent, the rights of the interested parties, the rules on transfers of personal data to a
recipient in a third country;
- As an extrema ratio (and in line with the provisions of art. 58), the supervisory authorities can make use of a series of corrective actions, such as the possibility of limiting and even prohibiting the processing of data by defaulting companies.
Article 84 also stipulates that “Member States shall lay down the rules on other penalties applicable to infringements of this Regulation in particular for infringements which are not subject to administrative fines pursuant to article 83, and shall take all measures necessary to ensure that they are implemented. Such penalties shall be effective, proportionate and dissuasive".
These are important sanctions, which would worry even the most prosperous and consolidated of organizations.
Dealing with only one of these measures could cause serious damage not only from an economic point of view but also in terms of brand reputation and corporate image.