The Netherlands premieres the first GDPR fining policy in the EU
Via The Nextweb by MÁR MÁSSON MAACK
The Dutch Data Protection Authority just released its GDPR fining policy, being the first country to do so. GDPR allows for a maximum fine of 4 percent of global revenue or €20 million, whichever is higher, but little has been said about how to determine the exact fine amount and what the scale is.
The new GDPR fining policy sheds light on this as it introduces a four category system, giving various examples depending on company size and maximum fine. For example, if a company’s maximum fine is €10 million, it might face the following fines for less severe violations:
- Category I: €0 to €200,000
- Category II: €120,000 to €500,000
- Category III: €300,000 to €750,000
- Category IV: €450,000 to €1 million
BREAKING: Dutch Data Protection Authority publishes #GDPR fining policy: 4 categories, range and basic fine per category, and aggravating or mitigating circumstances. Fine higher than category 4 will only be issued if max category 4 is “not appropriate”. https://t.co/MX734ZryI4 pic.twitter.com/vtjx2ebsLe
— Jeroen Terstegge (@PrivaSense) March 14, 2019
ePrivacy: Public benefit or private surveillance?
European Data Protection Board – Eighth Plenary session: Interplay ePrivacy Directive and GDPR, statement on ePrivacy Regulation, DPIA Lists ES & IS, Statement on Elections