Fines

To enforce the GDPR in cases where organisations do not comply, DPAs impose appropriate, necessary and proportionate measures taking into account the circumstances of the case. Their powers range from warnings and reprimands to administrative fines and orders. Fines under the GDPR can reach up to €20 million or 4% of a company’s global annual turnover. The EDPB adopts guidance, opinions and binding decisions concerning the imposition of corrective measures where appropriate.

Guidelines 04/2022 on the calculation of administrative fines under the GDPR

Guideline

24 May 2023

#GDPR enforcement #Fines

Read more about

Guidelines 04/2022 on the calculation of administrative fines under the GDPR

Urgent Binding Decision 01/2023 requested by the Norwegian SA for the ordering of final measures regarding Meta Platforms Ireland Ltd (Art. 66(2) GDPR)

EDPB Binding Decisions

27 October 2023

#Legal basis #GDPR enforcement #Fines #Cooperation between authorities

Read more about

Urgent Binding Decision 01/2023 requested by the Norwegian SA for the ordering of final measures regarding Meta Platforms Ireland Ltd (Art. 66(2) GDPR)

Binding Decision 1/2023 on the dispute submitted by the Irish SA on data transfers by Meta Platforms Ireland Limited for its Facebook service (Art. 65 GDPR)

EDPB Binding Decisions

13 April 2023

#GDPR enforcement #Fines #Cooperation between authorities #Standard contractual clauses #Tools for transfers and derogations

Read more about

Binding Decision 1/2023 on the dispute submitted by the Irish SA on data transfers by Meta Platforms Ireland Limited for its Facebook service (Art. 65 GDPR)

Opinion 39/2021 on whether Article 58(2)(g) GDPR could serve as a legal basis for a supervisory authority to order ex officio the erasure of personal data, in a situation where such request was not submitted by the data subject

Opinion of the Board (Art. 64)

14 December 2021

#Data subject rights #Fines

Read more about

Opinion 39/2021 on whether Article 58(2)(g) GDPR could serve as a legal basis for a supervisory authority to order ex officio the erasure of personal data, in a situation where such request was not submitted by the data subject

Select your language

Fines

On this page

Guidance

Guidelines 04/2022 on the calculation of administrative fines under the GDPR

Enforcement

Urgent Binding Decision 01/2023 requested by the Norwegian SA for the ordering of final measures regarding Meta Platforms Ireland Ltd (Art. 66(2) GDPR)

Binding Decision 1/2023 on the dispute submitted by the Irish SA on data transfers by Meta Platforms Ireland Limited for its Facebook service (Art. 65 GDPR)

Compliance instruments

Opinion 39/2021 on whether Article 58(2)(g) GDPR could serve as a legal basis for a supervisory authority to order ex officio the erasure of personal data, in a situation where such request was not submitted by the data subject

Fines

On this page

Guidance

Guidelines 04/2022 on the calculation of administrative fines under the GDPR

Enforcement

Urgent Binding Decision 01/2023 requested by the Norwegian SA for the ordering of final measures regarding Meta Platforms Ireland Ltd (Art. 66(2) GDPR)

Binding Decision 1/2023 on the dispute submitted by the Irish SA on data transfers by Meta Platforms Ireland Limited for its Facebook service (Art. 65 GDPR)

Compliance instruments

Opinion 39/2021 on whether Article 58(2)(g) GDPR could serve as a legal basis for a supervisory authority to order ex officio the erasure of personal data, in a situation where such request was not submitted by the data subject

Related news

Italian SA fines a company for post-sick leave questionnaires

The Italian Supervisory Authority fined a company 120 000 EUR for tracking five employees who drove company cars

The Italian SA imposed a 40 000 EUR fine on a company for violating the confidentiality of a employee's email account after the end of his employment