The Dutch data protection authority, the Autoriteit Persoonsgegevens, has published its fining policy under the EU General Data Protection Regulation. The DPA has created a four-tiered structure for the penalties it will administer based on the severity of the infraction. The first category could result in a penalty between 0 to 200,000 euros, category two has a range of 120,000 to 500,000 euros, a violation in category three could see a fine of 300,000 to 750,000 euros, and a category four offense may have a penalty of 450,000 to 1 million euros. The DPA will only offer punishments higher than the aforementioned structure should a category four penalty be deemed “not appropriate.” (Article is in Dutch.)
If you want to comment on this post, you need to login.