
CIPP-E Exam - Question 47


The GDPR specifies fines that may be levied against data controllers for certain infringements. Which of the following infringements would be subject to the less severe administrative fine of up to 10 million euros (or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year)?

Correct Answer: B

According to Article 83(4) of the GDPR, the infringement involving the failure to implement technical and organizational measures to ensure data protection by design and default is subject to the less severe administrative fine of up to 10 million euros (or up to 2% of the total worldwide annual turnover of the preceding financial year). This infringement specifically relates to Article 25 of the GDPR, which focuses on data protection by design and by default, making option B the correct choice.

Discussion

Securmec - Option: B
Sep 3, 2023

The proposed "B" is correct. Art 83(3) defines when fines up to 10 million turnover or 2% max are being applied; and applies among other things to infringement of Art. 25 (Data protection by design and by default): "the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures."

ME79 - Option: A
Apr 11, 2023

The correct answer is A. Failure to demonstrate that consent was given by the data subject to the processing of their personal data where it is used as the basis for processing is an infringement that may result in an administrative fine of up to 10 million euros (or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year) under the GDPR (Article 83(4)). Failure to implement technical and organizational measures to ensure data protection is enshrined by design and default, failure to process personal information in a manner compatible with its original purpose, and failure to provide the means for a data subject to rectify inaccuracies in personal data are all considered more serious infringements and may result in much higher fines (up to 20 million euros or up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher).

SecretInvasion - Option: C
Oct 26, 2023

Not A: https://gdpr.eu/fines/ The more serious infringements go against the very principles of the right to privacy and the right to be forgotten that are at the heart of the GDPR. These types of infringements could result in a fine of up to €20 million, or 4% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher. These include any violations of the articles governing: ... The conditions for consent (Article 7) — When an organization’s data processing is justified based on the person’s consent, that organization needs to have the documentation to prove it.

VaniB - Option: B
Jan 23, 2024

The correct Answer is B. Refer to Article 83(4)(a)

pauldhug - Option: A
May 3, 2023

A is the answer.

drluvkashyap - Option: D
Aug 6, 2023

Cannot be A as DSR are higher fines (4%), it's D