The European Data Protection Board (hereafter ‘EDPB’) has published Guidelines for the calculation of fines under the General Data Protection Regulation (GDPR). The supervisory authority retains the discretion to use the full fining range, from any amount above € 0,- up to the legal maximum, so that the GDPR fine is tailored to the circumstances of the case. The categories for starting amounts of GDPR fines serve as starting points for the further calculation of the fine. They do not limit the supervisory authority’s ability to take aggravating and mitigating circumstances into account and to arrive at an amount above or below the categories for starting amounts. In this part 4 of a series of six articles, we will go through how the supervisory authority must consider the aggravating, neutral and mitigating factors (as listed in Article 83(2) GDPR) for the further calculation of the GDPR fine.
We have prepared a pdf for you with a graphic calculation guide – part 4 (14 pages) with the following points:
- Identification of aggravating and mitigating factors
- Actions taken by the controller or processor to mitigate damage suffered by data subjects, Article 83(2)(c) GDPR
- Degree of responsibility of the controller or processor, Article 83(2)(d) GDPR
- Previous infringements by the controller or processor, Article 83(2)(e) GDPR
- Previous infringements by the controller or processor and time frame, Article 83(2)(e) GDPR
- Previous infringements by the controller or processor and subject matter, Article 83(2)(e) GDPR
- Previous infringements by the controller or processor and other considerations, Article 83(2)(e) GDPR
- Degree of cooperation with the supervisory authority in order to remedy the infringement and mitigate the possible adverse effects of the infringement, Article 83(2)(f) GDPR
- The way the infringement became known to the supervisory authority, Article 83(2)(e) GDPR
- Compliance with measures previously ordered with regard to the same subject matter, Article 83(2)(i) GDPR
- Adherence to approved codes of conduct or approved certification mechanisms, Article 83(2)(j) GDPR
- Other aggravating and mitigating circumstances, Article 83(2)(k) GDPR