Skip to main content
Back to Blog

GDPR Fines and Penalties Explained: Calculation, Enforcement Trends, and Risk Mitigation

Your legal team forwards you a letter from a supervisory authority. A data subject complaint has triggered a formal investigation. Your company processed personal data without a valid lawful basis six months ago — a decision made by a product manager who didn't loop in privacy counsel. Now you're looking at a potential Tier 2 fine, which means up to €20 million or 4 percent of your annual global turnover, whichever is greater. You have thirty days to respond.

Secure Privacy Logo

Secure Privacy Team

Privacy Experts

·8 min read
Share: