A leaked draft proposal posted by StateWatch and created by the European Commission reports that most Member States appear to be in favour of introducing a three-tiered fine system for non-compliance with EU data protection rules. Under the proposal, which was revised as a result of the 21 April 2015 meeting, all Member States are required to implement a system which provides effective, proportionate and dissuasive penalties, and creates three levels of fines at 0.5%, 1% and 2% of an organisation’s total worldwide annual turnover.

The fine criteria is set out under Article 79a of the draft General Data Protection Regulation (the ‘GDPR’), and the amount of the fine will depend upon the nature, gravity and duration of the infringement. As examples, a fine of up to 0.5% could be levied against organisations that fail to respond to data subject access requests within the prescribed period, or that charge a fee for dealing with such requests. Failure to provide the correct information in response to data subject access requests, failure to be transparent about the purposes for processing individuals’ data, or breaches of the right to be forgotten principle may now lead to a fine of up to 1%.
Continue Reading Search engine providers face tougher fines under proposed EU tiered fine system