

I thought the fine was 4% of turnover - it is 2% - so the calculations are wrong – sorry.

The Blog was corrected at 2:45 on Jan 25th - the corrected numbers are below AND on the blog.

Fines can range from 100 Euros to 1,000,000 Euros (or 2% of annual turnover if a commercial enterprise is involved). Thus to exceed the 1,000,000 Euro maximum, the turnover has to be 50,000,000 Euros (or about £42 million).

The UK has a maximum monetary penalty fine of £500,000 (about 600,000 Euros – say); if £500,000 represents 2% of turnover, then the total turnover is £25 million (30,000,000 Euros). So what you can say is that for a private sector data controller the maximum fine level could actually decrease if turnover is less than £25 million but increase to 4% of turnover if over £25 million.

In fact what you can say is that if you notify at £500 the maximum fine has increased; if not it has decreased.

For a public sector body data controller the maximum fine is about two thirds bigger (£830,000).

Wow... glad you cleared that up :) Seriously though, thank you for this overview.

It is nice to see that B2B marketing has not been picked up in the "must have explicit consent before marketing", as this would cause many companies serious issues.


All materials on this website are the copyright of Amberhawk Training Limited, except where otherwise stated. If you want to use the information on the blog, all we ask is that you do so in an attributable manner.