What is the maximum fine for non-compliance with GDPR?

The maximum fine for non-compliance with the General Data Protection Regulation (GDPR) can reach €20 million or 4% of the total worldwide annual turnover, whichever is greater. This tiered approach to fines aims to ensure that penalties for violations are both significant and proportionate to the scale of the offending organization.

The GDPR outlines two tiers of fines based on the severity of the infringement. The most severe violations, which could include issues such as violating the basic principles for processing personal data, failure to comply with the rights of data subjects, or not adhering to the obligations of controllers and processors, are subject to this maximum fine.

This structure is critical in promoting compliance and accountability amongst organizations, as it empowers regulators with the authority to impose significant penalties that can impact a company's financial standing. It is meant to encourage careful handling of personal data and compliance with data protection laws throughout the European Union.