https://community.isc2.org/t5/Privacy/The-Netherlands-premieres-the-first-GDPR-fining-policy-in-the-EU/m-p/20152#M731 <P><SPAN>The Dutch Data Protection Authority just released its&nbsp;</SPAN><A href="https://autoriteitpersoonsgegevens.nl/sites/default/files/atoms/files/stcrt-2019-14586.pdf" target="_blank" rel="nofollow noopener">GDPR fining policy</A><SPAN>, being the first country to do so.</SPAN></P><P>GDPR allows for a maximum fine of 4 percent of global revenue or €20 million, whichever is higher, but little has been said about how to determine the exact fine amount and what the scale is.</P><P>The new GDPR fining policy sheds light on this as it introduces a four category system, giving various examples depending on company size and maximum fine. For example, if a company’s maximum fine is €10 million, it might face the following fines for less severe violations:</P><UL><LI>Category I: €0 to €200,000</LI><LI>Category II: €120,000 to €500,000</LI><LI>Category III: €300,000 to €750,000</LI><LI>Category IV: €450,000 to €1 million</LI></UL> Mon, 09 Oct 2023 09:09:05 GMT leroux 2023-10-09T09:09:05Z https://community.isc2.org/t5/Privacy/The-Netherlands-premieres-the-first-GDPR-fining-policy-in-the-EU/m-p/20152#M731 <P><SPAN>The Dutch Data Protection Authority just released its&nbsp;</SPAN><A href="https://autoriteitpersoonsgegevens.nl/sites/default/files/atoms/files/stcrt-2019-14586.pdf" target="_blank" rel="nofollow noopener">GDPR fining policy</A><SPAN>, being the first country to do so.</SPAN></P><P>GDPR allows for a maximum fine of 4 percent of global revenue or €20 million, whichever is higher, but little has been said about how to determine the exact fine amount and what the scale is.</P><P>The new GDPR fining policy sheds light on this as it introduces a four category system, giving various examples depending on company size and maximum fine. For example, if a company’s maximum fine is €10 million, it might face the following fines for less severe violations:</P><UL><LI>Category I: €0 to €200,000</LI><LI>Category II: €120,000 to €500,000</LI><LI>Category III: €300,000 to €750,000</LI><LI>Category IV: €450,000 to €1 million</LI></UL> Mon, 09 Oct 2023 09:09:05 GMT https://community.isc2.org/t5/Privacy/The-Netherlands-premieres-the-first-GDPR-fining-policy-in-the-EU/m-p/20152#M731 leroux 2023-10-09T09:09:05Z https://community.isc2.org/t5/Privacy/The-Netherlands-premieres-the-first-GDPR-fining-policy-in-the-EU/m-p/20157#M733 Yves,<BR />that being said, it is then a statement, that the 10 mio will not be fined ever, right?<BR />Or is another category above CatIV?<BR /><BR />And also there are potential variations in "guiltiness" of the behaviors, wouldn't it?<BR />Will be interesting to see how GDPR certifications and assertions will proceed, same as with definition of fines...<BR /><BR /> Fri, 15 Mar 2019 14:52:52 GMT https://community.isc2.org/t5/Privacy/The-Netherlands-premieres-the-first-GDPR-fining-policy-in-the-EU/m-p/20157#M733 RRehm 2019-03-15T14:52:52Z