Exam CIPM
Question 114

The General Data Protection Regulation (GDPR) specifies fines that may be levied against data controllers for certain infringements. Which of the following will be subject to administrative fines of up to 10 000 000 EUR, or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year?

    Correct Answer: B

    The General Data Protection Regulation (GDPR) specifies fines based on the severity of the infringement. Among the options listed, failure to implement technical and organizational measures to ensure data protection by design and default is subject to administrative fines of up to 10 000 000 EUR, or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year. This requirement falls under GDPR Article 25, which specifically addresses data protection by design and by default.

Discussion
humhain Option: A

The less severe infringements could result in a fine of up to €10 million, or 2% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher. They include any violation of the articles governing: Controllers and processors (Articles 8, 11, 25-39, 42, and 43) — Organizations that collect and control data (controllers) and those that are contracted to process data (processors) must adhere to rules governing data protection, lawful basis for processing, and more. As an organization, these are the articles you need to read and adhere to. https://gdpr.eu/fines/

Ssourav Option: B

B. Failure to implement technical and organizational measures to ensure data protection is enshrined by design and default. The GDPR sets different tiers of administrative fines based on the severity of the infringement. Failing to implement data protection by design and default is subject to the lower tier of fines, which can go up to 10 million EUR or 2% of the company’s global annual revenue, whichever is higher.

MaritzTee Option: D

D. Failure to provide the means for a data subject to rectify inaccuracies in personal data. According to the GDPR, violations of certain obligations can result in administrative fines of up to 10,000,000 EUR or, in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher. One such obligation is the failure to provide the means for a data subject to rectify inaccuracies in personal data, as stipulated under GDPR Article 16. In contrast, the other listed failures (such as failure to demonstrate consent, failure to implement data protection by design and default, and failure to process personal information in a manner compatible with its original purpose) are subject to higher fines, up to 20,000,000 EUR or 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.

thecheaterz Option: A

B, B & D is gross misconduct and would result in higher fine- 4%

gilmofer Option: B

Should be B

katizeti Option: A

For me A and B but - failing to demonstrate that consent was given by the data subject for processing their personal data (where consent is the basis for processing) can result in administrative fines of up to €10 million, or 2% of the total worldwide annual turnover of the preceding financial year, whichever amount is higher.

carlosbui Option: B

Should be B

[Removed] Option: B

Should be B

emily0922 Option: B

B should be the answer, the rest result in tier 2 fines

szopenowa Option: B

I would suggest letter B