Originally Posted by silonic
The fine can be 4% of annual revenue, capped at 20 million EUR.
This statement is incorrect. There are two tiers of penalty that can be applied under GDPR, dependent on the exact articles that have been breached:
- Up to €10 million, or 2% annual global turnover – whichever is higher.
- Up to €20 million, or 4% annual global turnover – whichever is higher.
Source: https://www.itgovernance.co.uk/dpa-and-gdpr-penalties