cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Champion

The Netherlands premieres the first GDPR fining policy in the EU

The Dutch Data Protection Authority just released its GDPR fining policy, being the first country to do so.

GDPR allows for a maximum fine of 4 percent of global revenue or €20 million, whichever is higher, but little has been said about how to determine the exact fine amount and what the scale is.

The new GDPR fining policy sheds light on this as it introduces a four category system, giving various examples depending on company size and maximum fine. For example, if a company’s maximum fine is €10 million, it might face the following fines for less severe violations:

  • Category I: €0 to €200,000
  • Category II: €120,000 to €500,000
  • Category III: €300,000 to €750,000
  • Category IV: €450,000 to €1 million
1 Reply
Newcomer I

Re: The Netherlands premieres the first GDPR fining policy in the EU

Yves,
that being said, it is then a statement, that the 10 mio will not be fined ever, right?
Or is another category above CatIV?

And also there are potential variations in "guiltiness" of the behaviors, wouldn't it?
Will be interesting to see how GDPR certifications and assertions will proceed, same as with definition of fines...