GDPR Penalties & Fines | What's the Maximum Fine in 2023?

Administrative fines and other penalties for non-compliance with the UK General Data Protection Regulation and Data Protection Act 2018, and EU General Data Protection Regulation

GDPR penalties and fines

Now that the Brexit transition period has ended, there are two versions of the GDPR (General Data Protection Regulation) that UK organisations might need to comply with: 

  • The UK GDPR, which, with the DPA (Data Protection Act) 2018, applies to the processing of UK residents’ personal data; and 
  • The EU GDPR, which continues to apply to the processing of EU residents’ personal data. 

The UK GDPR and DPA 2018 set a maximum fine of £17.5 million or 4% of annual global turnover – whichever is greater – for infringements.

The EU GDPR sets a maximum fine of €20 million (about £18 million) or 4% of annual global turnover – whichever is greater – for infringements.

However, not all GDPR infringements lead to data protection fines. Supervisory authorities such as the UK’s ICO (Information Commissioner’s Office) can take a range of other actions, including:

  • Issuing warnings and reprimands;
  • Imposing a temporary or permanent ban on data processing;
  • Ordering the rectification, restriction or erasure of data; and
  • Suspending data transfers to third countries.

For comprehensive guidance and practical advice on complying with the GDPR, read our bestselling EU General Data Protection Regulation (GDPR) – An Implementation and Compliance Guide.

UK data protection law is currently being revised. We are following the progress of the Data Protection and Digital Information (No.2) Bill through parliament and will keep you updated on how it might affect your data processing obligations.

GDPR and Data Protection Act 2018 Staff Awareness E-learning Course

GDPR and Data Protection Act 2018 Staff Awareness E-learning Course

This GDPR staff awareness training course will help you comply with Article 39 of the GDPR by demonstrating that you’re continually training your staff on their responsibilities.

  • An introduction to data protection and the GDPR.
  • What data confidentiality, integrity and availability are and how to maintain them.
  • Examples of personal data and best practices for protecting it.
  • How your organisation should meet its obligations.
  • An overview of the fundamental data protection principles and how to adhere to them.

What is the maximum fine for a GDPR breach?

There are two levels of GDPR fine:

Lower level of GDPR penalties

Fines of up to £8.7 million under the UK GDPR, €10 million under the EU GDPR or 2% of annual global turnover can be issued for infringements of articles:

  • 8 (conditions for children’s consent);
  • 11 (processing that doesn’t require identification);
  • 25 – 39 (general obligations of processors and controllers);
  • 42 (certification); and
  • 43 (certification bodies).

Higher level of GDPR penalties

Fines of up to £17.5 million under the UK GDPR, €20 million under the EU GDPR or 4% of annual global turnover can be issued for infringements of articles:

Suffered a data breach? The clock is ticking

The GDPR requires you to notify the ICO without undue delay and within 72 hours of discovering a data breach.
Act fast with our Data Breach Management Service to ensure you fulfil the Regulation’s breach notification requirements quickly and efficiently.